diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8ee82508be..1b492df6ae 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,7 +4,7 @@ on:
 tags:
 - "v*"
 env:
- GO_VERSION: "1.16"
+ GO_VERSION: "1.17"
 GH_USER: "aqua-bot"
 jobs:
 release:
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 9d73eb8155..8e63e8883c 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -10,7 +10,7 @@ on:
 - 'LICENSE'
 pull_request:
 env:
- GO_VERSION: "1.16"
+ GO_VERSION: "1.17"
 jobs:
 test:
 name: Test
diff --git a/go.mod b/go.mod
index 6b8ec5a2ba..5f66d5e892 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/sprig v2.22.0+incompatible
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
- github.com/aquasecurity/fanal v0.0.0-20211001165956-9cea0606a6f1
+ github.com/aquasecurity/fanal v0.0.0-20211003152019-761279c3f9c6
 github.com/aquasecurity/go-dep-parser v0.0.0-20210919151457-76db061b9305
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
diff --git a/go.sum b/go.sum
index 37fbfddc5a..25476f145e 100644
--- a/go.sum
+++ b/go.sum
@@ -202,8 +202,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= -github.com/aquasecurity/fanal v0.0.0-20211001165956-9cea0606a6f1 h1:WBmDGVe27yNPxqHuciYOG3D6Mwe16lgs9jmCo+gRGL4= -github.com/aquasecurity/fanal v0.0.0-20211001165956-9cea0606a6f1/go.mod h1:FyKpqN6I6emeoEFdU3BKHyTpr47g2gwzIdJQDbm/Z+0= +github.com/aquasecurity/fanal v0.0.0-20211003152019-761279c3f9c6 h1:RKgiEqKpv22QY3+p46EEoKmkpoS4toH1CNV0A6aKPro= +github.com/aquasecurity/fanal v0.0.0-20211003152019-761279c3f9c6/go.mod h1:FyKpqN6I6emeoEFdU3BKHyTpr47g2gwzIdJQDbm/Z+0= github.com/aquasecurity/go-dep-parser v0.0.0-20210919151457-76db061b9305 h1:xsniAD6IrP+stY8tkytxE2tk8czkzSN3XaUvzoi1hCk= github.com/aquasecurity/go-dep-parser v0.0.0-20210919151457-76db061b9305/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= diff --git a/integration/client_server_test.go b/integration/client_server_test.go index 61ddf543ef..b6c80b435b 100644 --- a/integration/client_server_test.go +++ b/integration/client_server_test.go @@ -23,10 +23,9 @@ import ( "github.com/aquasecurity/trivy/pkg/report" ) -type args struct { +type csArgs struct { Format string TemplatePath string - Version string IgnoreUnfixed bool Severity []string IgnoreIDs []string 
@@ -36,24 +35,22 @@ type args struct { } func TestClientServer(t *testing.T) { - cases := []struct { - name string - testArgs args - golden string - wantErr string + tests := []struct { + name string + args csArgs + golden string + wantErr string }{ { name: "alpine 3.10 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/alpine-310.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/alpine-310.tar.gz", }, golden: "testdata/alpine-310.json.golden", }, { name: "alpine 3.10 integration with --ignore-unfixed option", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Input: "testdata/fixtures/images/alpine-310.tar.gz", }, @@ -61,8 +58,7 @@ func TestClientServer(t *testing.T) { }, { name: "alpine 3.10 integration with medium and high severity", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Severity: []string{"MEDIUM", "HIGH"}, Input: "testdata/fixtures/images/alpine-310.tar.gz", 
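Review bot: `wantErr` is carried over into the new `tests` struct of `TestClientServer`, but none of the cases visible in this diff set it and the run loop added further down in this file calls `require.NoError(t, err)` unconditionally, so the field is dead; remove the `wantErr string` line, as the table in the new `TestClientServerWithTemplate` already does. The new loop also names its variable `c` while the template test uses `tt`; picking one keeps the tables in this file consistent. The function body continues beyond this hunk.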
@@ -71,64 +67,30 @@ func TestClientServer(t *testing.T) { }, { name: "alpine 3.10 integration with .trivyignore", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: false, IgnoreIDs: []string{"CVE-2019-1549", "CVE-2019-1563"}, Input: "testdata/fixtures/images/alpine-310.tar.gz", }, golden: "testdata/alpine-310-ignore-cveids.json.golden", }, - { - name: "alpine 3.10 integration with gitlab template", - testArgs: args{ - Format: "template", - TemplatePath: "@../contrib/gitlab.tpl", - Version: "dev", - Input: "testdata/fixtures/images/alpine-310.tar.gz", - }, - golden: "testdata/alpine-310.gitlab.golden", - }, - { - name: "alpine 3.10 integration with gitlab-codequality template", - testArgs: args{ - Format: "template", - TemplatePath: "@../contrib/gitlab-codequality.tpl", - Version: "dev", - Input: "testdata/fixtures/images/alpine-310.tar.gz", - }, - golden: "testdata/alpine-310.gitlab-codequality.golden", - }, - { - name: "alpine 3.10 integration with sarif template", - testArgs: args{ - Format: "template", - TemplatePath: "@../contrib/sarif.tpl", - Version: "dev", - Input: "testdata/fixtures/images/alpine-310.tar.gz", - }, - golden: "testdata/alpine-310.sarif.golden", - }, { name: "alpine 3.9 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/alpine-39.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/alpine-39.tar.gz", }, golden: "testdata/alpine-39.json.golden", }, { name: "debian buster integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/debian-buster.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/debian-buster.tar.gz", }, golden: "testdata/debian-buster.json.golden", }, { name: "debian buster integration with --ignore-unfixed option", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Input: "testdata/fixtures/images/debian-buster.tar.gz", }, 
@@ -136,24 +98,21 @@ func TestClientServer(t *testing.T) { }, { name: "debian stretch integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/debian-stretch.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/debian-stretch.tar.gz", }, golden: "testdata/debian-stretch.json.golden", }, { name: "ubuntu 18.04 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/ubuntu-1804.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/ubuntu-1804.tar.gz", }, golden: "testdata/ubuntu-1804.json.golden", }, { name: "ubuntu 18.04 integration with --ignore-unfixed option", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Input: "testdata/fixtures/images/ubuntu-1804.tar.gz", }, @@ -161,24 +120,21 @@ func TestClientServer(t *testing.T) { }, { name: "ubuntu 16.04 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/ubuntu-1604.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/ubuntu-1604.tar.gz", }, golden: "testdata/ubuntu-1604.json.golden", }, { name: "centos 7 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/centos-7.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/centos-7.tar.gz", }, golden: "testdata/centos-7.json.golden", }, { name: "centos 7 integration with --ignore-unfixed option", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Input: "testdata/fixtures/images/centos-7.tar.gz", }, @@ -186,8 +142,7 @@ func TestClientServer(t *testing.T) { }, { name: "centos 7 integration with low and high severity", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Severity: []string{"LOW", "HIGH"}, Input: "testdata/fixtures/images/centos-7.tar.gz", 
@@ -196,32 +151,28 @@ func TestClientServer(t *testing.T) { }, { name: "centos 6 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/centos-6.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/centos-6.tar.gz", }, golden: "testdata/centos-6.json.golden", }, { name: "ubi 7 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/ubi-7.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/ubi-7.tar.gz", }, golden: "testdata/ubi-7.json.golden", }, { name: "distroless base integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/distroless-base.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/distroless-base.tar.gz", }, golden: "testdata/distroless-base.json.golden", }, { name: "distroless base integration with --ignore-unfixed option", - testArgs: args{ - Version: "dev", + args: csArgs{ IgnoreUnfixed: true, Input: "testdata/fixtures/images/distroless-base.tar.gz", }, 
@@ -229,116 +180,152 @@ func TestClientServer(t *testing.T) { }, { name: "distroless python27 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/distroless-python27.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/distroless-python27.tar.gz", }, golden: "testdata/distroless-python27.json.golden", }, { name: "amazon 1 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/amazon-1.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/amazon-1.tar.gz", }, golden: "testdata/amazon-1.json.golden", }, { name: "amazon 2 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/amazon-2.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/amazon-2.tar.gz", }, golden: "testdata/amazon-2.json.golden", }, { name: "oracle 6 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/oraclelinux-6-slim.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/oraclelinux-6-slim.tar.gz", }, golden: "testdata/oraclelinux-6-slim.json.golden", }, { name: "oracle 7 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/oraclelinux-7-slim.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/oraclelinux-7-slim.tar.gz", }, golden: "testdata/oraclelinux-7-slim.json.golden", }, { name: "oracle 8 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", }, golden: "testdata/oraclelinux-8-slim.json.golden", }, { name: "opensuse leap 15.1 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/opensuse-leap-151.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/opensuse-leap-151.tar.gz", }, golden: "testdata/opensuse-leap-151.json.golden", }, { name: "opensuse leap 42.3 integration", - testArgs: args{ - Version: "dev", - Input: 
"testdata/fixtures/images/opensuse-leap-423.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/opensuse-leap-423.tar.gz", }, golden: "testdata/opensuse-leap-423.json.golden", }, { name: "photon 1.0 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/photon-10.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/photon-10.tar.gz", }, golden: "testdata/photon-10.json.golden", }, { name: "photon 2.0 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/photon-20.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/photon-20.tar.gz", }, golden: "testdata/photon-20.json.golden", }, { name: "photon 3.0 integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/photon-30.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/photon-30.tar.gz", }, golden: "testdata/photon-30.json.golden", }, { name: "buxybox with Cargo.lock integration", - testArgs: args{ - Version: "dev", - Input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", + args: csArgs{ + Input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", }, golden: "testdata/busybox-with-lockfile.json.golden", }, + } + + app, addr, cacheDir := setup(t, setupOptions{}) + + for _, c := range tests { + t.Run(c.name, func(t *testing.T) { + osArgs, outputFile := setupClient(t, c.args, addr, cacheDir, c.golden) + + // Run Trivy client + err := app.Run(osArgs) + require.NoError(t, err) + + compareReports(t, c.golden, outputFile) + }) + } +} + +func TestClientServerWithTemplate(t *testing.T) { + tests := []struct { + name string + args csArgs + golden string + }{ + { + name: "alpine 3.10 integration with gitlab template", + args: csArgs{ + Format: "template", + TemplatePath: "@../contrib/gitlab.tpl", + Input: "testdata/fixtures/images/alpine-310.tar.gz", + }, + golden: "testdata/alpine-310.gitlab.golden", + }, + { + name: "alpine 3.10 integration with gitlab-codequality template", + args: csArgs{ + 
Format: "template", + TemplatePath: "@../contrib/gitlab-codequality.tpl", + Input: "testdata/fixtures/images/alpine-310.tar.gz", + }, + golden: "testdata/alpine-310.gitlab-codequality.golden", + }, + { + name: "alpine 3.10 integration with sarif template", + args: csArgs{ + Format: "template", + TemplatePath: "@../contrib/sarif.tpl", + Input: "testdata/fixtures/images/alpine-310.tar.gz", + }, + golden: "testdata/alpine-310.sarif.golden", + }, { name: "alpine 3.10 integration with ASFF template", - testArgs: args{ + args: csArgs{ Format: "template", TemplatePath: "@../contrib/asff.tpl", - Version: "dev", Input: "testdata/fixtures/images/alpine-310.tar.gz", }, golden: "testdata/alpine-310.asff.golden", }, { name: "alpine 3.10 integration with html template", - testArgs: args{ + args: csArgs{ Format: "template", TemplatePath: "@../contrib/html.tpl", - Version: "dev", Input: "testdata/fixtures/images/alpine-310.tar.gz", }, golden: "testdata/alpine-310.html.golden", 
@@ -347,36 +334,40 @@ func TestClientServer(t *testing.T) {
 app, addr, cacheDir := setup(t, setupOptions{})
- for _, c := range cases {
- t.Run(c.name, func(t *testing.T) {
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
 report.Now = func() time.Time {
 return time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
 }
- os.Setenv("AWS_REGION", "test-region")
- os.Setenv("AWS_ACCOUNT_ID", "123456789012")
- osArgs, outputFile, cleanup := setupClient(t, c.testArgs, addr, cacheDir, c.golden)
- defer cleanup()
+ t.Setenv("AWS_REGION", "test-region")
+ t.Setenv("AWS_ACCOUNT_ID", "123456789012")
+ osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)
 // Run Trivy client
 err := app.Run(osArgs)
 require.NoError(t, err)
- compare(t, c.golden, outputFile)
+ want, err := os.ReadFile(tt.golden)
+ require.NoError(t, err)
+
+ got, err := os.ReadFile(outputFile)
+ require.NoError(t, err)
+
+ assert.EqualValues(t, string(want), string(got))
 })
 }
 }
 func TestClientServerWithToken(t *testing.T) {
 cases := []struct {
- name string
- testArgs args
- golden string
- wantErr string
+ name string
+ args csArgs
+ golden string
+ wantErr string
 }{
 {
 name: "alpine 3.10 integration with token",
- testArgs: args{
- Version: "dev",
+ args: csArgs{
 Input: "testdata/fixtures/images/alpine-310.tar.gz",
 ClientToken: "token",
 ClientTokenHeader: "Trivy-Token",
@@ -385,8 +376,7 @@ func TestClientServerWithToken(t *testing.T) {
 },
 {
 name: "invalid token",
- testArgs: args{
- Version: "dev",
+ args: csArgs{
 Input: "testdata/fixtures/images/distroless-base.tar.gz",
 ClientToken: "invalidtoken",
 ClientTokenHeader: "Trivy-Token",
@@ -395,8 +385,7 @@ func TestClientServerWithToken(t *testing.T) {
 },
 {
 name: "invalid token header",
- testArgs: args{
- Version: "dev",
+ args: csArgs{
 Input: "testdata/fixtures/images/distroless-base.tar.gz",
 ClientToken: "valid-token",
 ClientTokenHeader: "Trivy-Token",
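Review bot: `report.Now` is reassigned inside every subtest of `TestClientServerWithTemplate` and never restored, so the fixed clock leaks into whatever test runs next in the package. The environment variables on the following lines now get automatic restoration through `t.Setenv`, and the clock override deserves the same treatment, e.g. `prev := report.Now` followed by `t.Cleanup(func() { report.Now = prev })`. The assignment is a context line, so it predates this change, but this hunk is where the template cases get their own loop and is the natural place to fix it. `t.Setenv` also makes these subtests incompatible with `t.Parallel()`; a one-line comment such as `// t.Setenv: do not mark these subtests parallel` would make that visible.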
@@ -411,12 +400,10 @@ func TestClientServerWithToken(t *testing.T) {
 token: serverToken,
 tokenHeader: serverTokenHeader,
 })
- defer os.RemoveAll(cacheDir)
 for _, c := range cases {
 t.Run(c.name, func(t *testing.T) {
- osArgs, outputFile, cleanup := setupClient(t, c.testArgs, addr, cacheDir, c.golden)
- defer cleanup()
+ osArgs, outputFile := setupClient(t, c.args, addr, cacheDir, c.golden)
 // Run Trivy client
 err := app.Run(osArgs)
@@ -429,7 +416,7 @@ func TestClientServerWithToken(t *testing.T) {
 assert.NoError(t, err, c.name)
 }
- compare(t, c.golden, outputFile)
+ compareReports(t, c.golden, outputFile)
 })
 }
 }
@@ -444,29 +431,26 @@ func TestClientServerWithRedis(t *testing.T) {
 defer os.RemoveAll(cacheDir)
 // Test parameters
- testArgs := args{
- Version: "dev",
- Input: "testdata/fixtures/images/centos-7.tar.gz",
+ testArgs := csArgs{
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
 }
 golden := "testdata/centos-7.json.golden"
 t.Run("centos 7", func(t *testing.T) {
- osArgs, outputFile, cleanup := setupClient(t, testArgs, addr, cacheDir, golden)
- defer cleanup()
+ osArgs, outputFile := setupClient(t, testArgs, addr, cacheDir, golden)
 // Run Trivy client
 err := app.Run(osArgs)
 require.NoError(t, err)
- compare(t, golden, outputFile)
+ compareReports(t, golden, outputFile)
 })
 // Terminate the Redis container
 require.NoError(t, redisC.Terminate(ctx))
 t.Run("sad path", func(t *testing.T) {
- osArgs, _, cleanup := setupClient(t, testArgs, addr, cacheDir, golden)
- defer cleanup()
+ osArgs, _ := setupClient(t, testArgs, addr, cacheDir, golden)
 // Run Trivy client
 err := app.Run(osArgs)
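Review bot: The `defer os.RemoveAll(cacheDir)` removed from `TestClientServerWithToken` in the first hunk is still present as a context line in `TestClientServerWithRedis` in the third hunk, so the two tests now disagree about who owns the cache directory. If `setup` (not shown in this diff) now allocates it with `t.TempDir()`, drop the remaining defer as well; if it does not, the token test leaves its cache directory behind after the run. Both functions extend beyond these hunks, so this should be checked against the full file.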
@@ -524,7 +508,7 @@ func setupServer(addr, token, tokenHeader, cacheDir, cacheBackend string) []stri
 return osArgs
 }
-func setupClient(t *testing.T, c args, addr string, cacheDir string, golden string) ([]string, string, func()) {
+func setupClient(t *testing.T, c csArgs, addr string, cacheDir string, golden string) ([]string, string) {
 t.Helper()
 osArgs := []string{"trivy", "--cache-dir", cacheDir, "client", "--remote", "http://" + addr}
@@ -546,13 +530,9 @@ func setupClient(t *testing.T, c args, addr string, cacheDir string, golden stri
 )
 }
- var err error
- var ignoreTmpDir string
 if len(c.IgnoreIDs) != 0 {
- ignoreTmpDir, err = os.MkdirTemp("", "ignore")
- require.NoError(t, err, "failed to create a temp dir")
- trivyIgnore := filepath.Join(ignoreTmpDir, ".trivyignore")
- err = os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0444)
+ trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
+ err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0444)
 require.NoError(t, err, "failed to write .trivyignore")
 osArgs = append(osArgs, []string{"--ignorefile", trivyIgnore}...)
 }
@@ -564,24 +544,14 @@ func setupClient(t *testing.T, c args, addr string, cacheDir string, golden stri
 }
 // Setup the output file
- var outputFile string
+ outputFile := filepath.Join(t.TempDir(), "output.json")
 if *update {
 outputFile = golden
- } else {
- output, _ := os.CreateTemp("", "integration")
- assert.Nil(t, output.Close())
- outputFile = output.Name()
- }
-
- cleanup := func() {
- _ = os.Remove(ignoreTmpDir)
- if !*update {
- _ = os.Remove(outputFile)
- }
 }
 osArgs = append(osArgs, []string{"--output", outputFile}...)
- return osArgs, outputFile, cleanup
+
+ return osArgs, outputFile
 }
 func setupRedis(t *testing.T, ctx context.Context) (testcontainers.Container, string) {
@@ -611,18 +581,3 @@ func setupRedis(t *testing.T, ctx context.Context) (testcontainers.Container, st
 addr := fmt.Sprintf("redis://%s:%s", ip, p.Port())
 return redis, addr
 }
-
-func compare(t *testing.T, wantFile, gotFile string) {
- t.Helper()
- // Compare want and got
- want, err := os.ReadFile(wantFile)
- assert.NoError(t, err)
- got, err := os.ReadFile(gotFile)
- assert.NoError(t, err)
-
- if strings.HasSuffix(wantFile, ".json.golden") {
- assert.JSONEq(t, string(want), string(got))
- } else {
- assert.EqualValues(t, string(want), string(got))
- }
-}
diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
index b08fa0ef9e..ee14aec417 100644
--- a/integration/docker_engine_test.go
+++ b/integration/docker_engine_test.go
@@ -7,6 +7,7 @@ import (
 "context"
 "io"
 "os"
+ "path/filepath"
 "strings"
 "testing"
@@ -28,220 +29,220 @@ func TestRun_WithDockerEngine(t *testing.T) { severity []string ignoreIDs []string testfile string - expectedOutputFile string - expectedError string + wantOutputFile string + wantError string }{ // All of these cases should pass for either // $ trivy // $ trivy image { - name: "happy path, valid image path, alpine:3.10", - imageTag: "alpine:3.10", - expectedOutputFile: "testdata/alpine-310.json.golden", - testfile: "testdata/fixtures/images/alpine-310.tar.gz", + name: "happy path, valid image path, alpine:3.10", + imageTag: "alpine:3.10", + wantOutputFile: "testdata/alpine-310.json.golden", + testfile: "testdata/fixtures/images/alpine-310.tar.gz", }, { name: "happy path, valid image path, with image subcommand, alpine:3.10", withImageSubcommand: true, imageTag: "alpine:3.10", - expectedOutputFile: "testdata/alpine-310.json.golden", + wantOutputFile: "testdata/alpine-310.json.golden", testfile: "testdata/fixtures/images/alpine-310.tar.gz", }, { - name: "happy path, valid image path, alpine:3.10, ignore unfixed", - ignoreUnfixed: true, - imageTag: "alpine:3.10", - expectedOutputFile: "testdata/alpine-310-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/alpine-310.tar.gz", + name: "happy path, valid image path, alpine:3.10, ignore unfixed", + ignoreUnfixed: true, + imageTag: "alpine:3.10", + wantOutputFile: "testdata/alpine-310-ignore-unfixed.json.golden", + testfile: "testdata/fixtures/images/alpine-310.tar.gz", }, { - name: "happy path, valid image path, alpine:3.10, ignore unfixed, with medium and high severity", - ignoreUnfixed: true, - severity: []string{"MEDIUM", "HIGH"}, - imageTag: "alpine:3.10", - expectedOutputFile: "testdata/alpine-310-medium-high.json.golden", - testfile: "testdata/fixtures/images/alpine-310.tar.gz", + name: "happy path, valid image path, alpine:3.10, ignore unfixed, with medium and high severity", + ignoreUnfixed: true, + severity: []string{"MEDIUM", "HIGH"}, + imageTag: "alpine:3.10", + 
wantOutputFile: "testdata/alpine-310-medium-high.json.golden", + testfile: "testdata/fixtures/images/alpine-310.tar.gz", }, { - name: "happy path, valid image path, alpine:3.10, with .trivyignore", - imageTag: "alpine:3.10", - ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-1563"}, - expectedOutputFile: "testdata/alpine-310-ignore-cveids.json.golden", - testfile: "testdata/fixtures/images/alpine-310.tar.gz", + name: "happy path, valid image path, alpine:3.10, with .trivyignore", + imageTag: "alpine:3.10", + ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-1563"}, + wantOutputFile: "testdata/alpine-310-ignore-cveids.json.golden", + testfile: "testdata/fixtures/images/alpine-310.tar.gz", }, { - name: "happy path, valid image path, alpine:3.9", - imageTag: "alpine:3.9", - expectedOutputFile: "testdata/alpine-39.json.golden", - testfile: "testdata/fixtures/images/alpine-39.tar.gz", + name: "happy path, valid image path, alpine:3.9", + imageTag: "alpine:3.9", + wantOutputFile: "testdata/alpine-39.json.golden", + testfile: "testdata/fixtures/images/alpine-39.tar.gz", }, { - name: "happy path, valid image path, amazonlinux:1", - imageTag: "amazonlinux:1", - expectedOutputFile: "testdata/amazon-1.json.golden", - testfile: "testdata/fixtures/images/amazon-1.tar.gz", + name: "happy path, valid image path, amazonlinux:1", + imageTag: "amazonlinux:1", + wantOutputFile: "testdata/amazon-1.json.golden", + testfile: "testdata/fixtures/images/amazon-1.tar.gz", }, { - name: "happy path, valid image path, amazonlinux:2", - imageTag: "amazonlinux:2", - expectedOutputFile: "testdata/amazon-2.json.golden", - testfile: "testdata/fixtures/images/amazon-2.tar.gz", + name: "happy path, valid image path, amazonlinux:2", + imageTag: "amazonlinux:2", + wantOutputFile: "testdata/amazon-2.json.golden", + testfile: "testdata/fixtures/images/amazon-2.tar.gz", }, { - name: "happy path, valid image path, centos:6", - imageTag: "centos:6", - expectedOutputFile: "testdata/centos-6.json.golden", - 
testfile: "testdata/fixtures/images/centos-6.tar.gz", + name: "happy path, valid image path, centos:6", + imageTag: "centos:6", + wantOutputFile: "testdata/centos-6.json.golden", + testfile: "testdata/fixtures/images/centos-6.tar.gz", }, { - name: "happy path, valid image path, centos:7", - imageTag: "centos:7", - expectedOutputFile: "testdata/centos-7.json.golden", - testfile: "testdata/fixtures/images/centos-7.tar.gz", + name: "happy path, valid image path, centos:7", + imageTag: "centos:7", + wantOutputFile: "testdata/centos-7.json.golden", + testfile: "testdata/fixtures/images/centos-7.tar.gz", }, { - name: "happy path, valid image path, centos:7, with --ignore-unfixed option", - imageTag: "centos:7", - ignoreUnfixed: true, - expectedOutputFile: "testdata/centos-7-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/centos-7.tar.gz", + name: "happy path, valid image path, centos:7, with --ignore-unfixed option", + imageTag: "centos:7", + ignoreUnfixed: true, + wantOutputFile: "testdata/centos-7-ignore-unfixed.json.golden", + testfile: "testdata/fixtures/images/centos-7.tar.gz", }, { - name: "happy path, valid image path, centos:7, with --ignore-unfixed option, with low and high severity", - imageTag: "centos:7", - ignoreUnfixed: true, - severity: []string{"LOW", "HIGH"}, - expectedOutputFile: "testdata/centos-7-low-high.json.golden", - testfile: "testdata/fixtures/images/centos-7.tar.gz", + name: "happy path, valid image path, centos:7, with --ignore-unfixed option, with low and high severity", + imageTag: "centos:7", + ignoreUnfixed: true, + severity: []string{"LOW", "HIGH"}, + wantOutputFile: "testdata/centos-7-low-high.json.golden", + testfile: "testdata/fixtures/images/centos-7.tar.gz", }, { - name: "happy path, valid image path, debian:buster", - imageTag: "debian:buster", - expectedOutputFile: "testdata/debian-buster.json.golden", - testfile: "testdata/fixtures/images/debian-buster.tar.gz", + name: "happy path, valid image path, 
debian:buster", + imageTag: "debian:buster", + wantOutputFile: "testdata/debian-buster.json.golden", + testfile: "testdata/fixtures/images/debian-buster.tar.gz", }, { - name: "happy path, valid image path, debian:buster, with --ignore-unfixed option", - ignoreUnfixed: true, - imageTag: "debian:buster", - expectedOutputFile: "testdata/debian-buster-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/debian-buster.tar.gz", + name: "happy path, valid image path, debian:buster, with --ignore-unfixed option", + ignoreUnfixed: true, + imageTag: "debian:buster", + wantOutputFile: "testdata/debian-buster-ignore-unfixed.json.golden", + testfile: "testdata/fixtures/images/debian-buster.tar.gz", }, { - name: "happy path, valid image path, debian:stretch", - imageTag: "debian:stretch", - expectedOutputFile: "testdata/debian-stretch.json.golden", - testfile: "testdata/fixtures/images/debian-stretch.tar.gz", + name: "happy path, valid image path, debian:stretch", + imageTag: "debian:stretch", + wantOutputFile: "testdata/debian-stretch.json.golden", + testfile: "testdata/fixtures/images/debian-stretch.tar.gz", }, { - name: "happy path, valid image path, distroless:base", - imageTag: "gcr.io/distroless/base:latest", - expectedOutputFile: "testdata/distroless-base.json.golden", - testfile: "testdata/fixtures/images/distroless-base.tar.gz", + name: "happy path, valid image path, distroless:base", + imageTag: "gcr.io/distroless/base:latest", + wantOutputFile: "testdata/distroless-base.json.golden", + testfile: "testdata/fixtures/images/distroless-base.tar.gz", }, { - name: "happy path, valid image path, distroless:base", - imageTag: "gcr.io/distroless/base:latest", - expectedOutputFile: "testdata/distroless-base.json.golden", - testfile: "testdata/fixtures/images/distroless-base.tar.gz", + name: "happy path, valid image path, distroless:base", + imageTag: "gcr.io/distroless/base:latest", + wantOutputFile: "testdata/distroless-base.json.golden", + testfile: 
"testdata/fixtures/images/distroless-base.tar.gz", }, { - name: "happy path, valid image path, distroless:base, with --ignore-unfixed option", - imageTag: "gcr.io/distroless/base:latest", - ignoreUnfixed: true, - expectedOutputFile: "testdata/distroless-base-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/distroless-base.tar.gz", + name: "happy path, valid image path, distroless:base, with --ignore-unfixed option", + imageTag: "gcr.io/distroless/base:latest", + ignoreUnfixed: true, + wantOutputFile: "testdata/distroless-base-ignore-unfixed.json.golden", + testfile: "testdata/fixtures/images/distroless-base.tar.gz", }, { - name: "happy path, valid image path, distroless:python2.7", - imageTag: "gcr.io/distroless/python2.7:latest", - expectedOutputFile: "testdata/distroless-python27.json.golden", - testfile: "testdata/fixtures/images/distroless-python27.tar.gz", + name: "happy path, valid image path, distroless:python2.7", + imageTag: "gcr.io/distroless/python2.7:latest", + wantOutputFile: "testdata/distroless-python27.json.golden", + testfile: "testdata/fixtures/images/distroless-python27.tar.gz", }, { - name: "happy path, valid image path, oraclelinux:6-slim", - imageTag: "oraclelinux:6-slim", - expectedOutputFile: "testdata/oraclelinux-6-slim.json.golden", - testfile: "testdata/fixtures/images/oraclelinux-6-slim.tar.gz", + name: "happy path, valid image path, oraclelinux:6-slim", + imageTag: "oraclelinux:6-slim", + wantOutputFile: "testdata/oraclelinux-6-slim.json.golden", + testfile: "testdata/fixtures/images/oraclelinux-6-slim.tar.gz", }, { - name: "happy path, valid image path, oraclelinux:7-slim", - imageTag: "oraclelinux:7-slim", - expectedOutputFile: "testdata/oraclelinux-7-slim.json.golden", - testfile: "testdata/fixtures/images/oraclelinux-7-slim.tar.gz", + name: "happy path, valid image path, oraclelinux:7-slim", + imageTag: "oraclelinux:7-slim", + wantOutputFile: "testdata/oraclelinux-7-slim.json.golden", + testfile: 
"testdata/fixtures/images/oraclelinux-7-slim.tar.gz", }, { - name: "happy path, valid image path, oraclelinux:8-slim", - imageTag: "oraclelinux:8-slim", - expectedOutputFile: "testdata/oraclelinux-8-slim.json.golden", - testfile: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", + name: "happy path, valid image path, oraclelinux:8-slim", + imageTag: "oraclelinux:8-slim", + wantOutputFile: "testdata/oraclelinux-8-slim.json.golden", + testfile: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", }, { - name: "happy path, valid image path, ubuntu:16.04", - imageTag: "ubuntu:16.04", - expectedOutputFile: "testdata/ubuntu-1604.json.golden", - testfile: "testdata/fixtures/images/ubuntu-1604.tar.gz", + name: "happy path, valid image path, ubuntu:16.04", + imageTag: "ubuntu:16.04", + wantOutputFile: "testdata/ubuntu-1604.json.golden", + testfile: "testdata/fixtures/images/ubuntu-1604.tar.gz", }, { - name: "happy path, valid image path, ubuntu:18.04", - imageTag: "ubuntu:18.04", - expectedOutputFile: "testdata/ubuntu-1804.json.golden", - testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", + name: "happy path, valid image path, ubuntu:18.04", + imageTag: "ubuntu:18.04", + wantOutputFile: "testdata/ubuntu-1804.json.golden", + testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", }, { - name: "happy path, valid image path, ubuntu:18.04, with --ignore-unfixed option", - imageTag: "ubuntu:18.04", - ignoreUnfixed: true, - expectedOutputFile: "testdata/ubuntu-1804-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", + name: "happy path, valid image path, ubuntu:18.04, with --ignore-unfixed option", + imageTag: "ubuntu:18.04", + ignoreUnfixed: true, + wantOutputFile: "testdata/ubuntu-1804-ignore-unfixed.json.golden", + testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", }, { - name: "happy path, valid image path, registry.redhat.io/ubi7", - imageTag: "registry.redhat.io/ubi7", - expectedOutputFile: "testdata/ubi-7.json.golden", 
- testfile: "testdata/fixtures/images/ubi-7.tar.gz", + name: "happy path, valid image path, registry.redhat.io/ubi7", + imageTag: "registry.redhat.io/ubi7", + wantOutputFile: "testdata/ubi-7.json.golden", + testfile: "testdata/fixtures/images/ubi-7.tar.gz", }, { - name: "happy path, valid image path, opensuse leap 15.1", - imageTag: "opensuse/leap:latest", - expectedOutputFile: "testdata/opensuse-leap-151.json.golden", - testfile: "testdata/fixtures/images/opensuse-leap-151.tar.gz", + name: "happy path, valid image path, opensuse leap 15.1", + imageTag: "opensuse/leap:latest", + wantOutputFile: "testdata/opensuse-leap-151.json.golden", + testfile: "testdata/fixtures/images/opensuse-leap-151.tar.gz", }, { - name: "happy path, valid image path, opensuse leap 42.3", - imageTag: "opensuse/leap:42.3", - expectedOutputFile: "testdata/opensuse-leap-423.json.golden", - testfile: "testdata/fixtures/images/opensuse-leap-423.tar.gz", + name: "happy path, valid image path, opensuse leap 42.3", + imageTag: "opensuse/leap:42.3", + wantOutputFile: "testdata/opensuse-leap-423.json.golden", + testfile: "testdata/fixtures/images/opensuse-leap-423.tar.gz", }, { - name: "happy path, valid image path, photon 1.0", - imageTag: "photon:1.0-20190823", - expectedOutputFile: "testdata/photon-10.json.golden", - testfile: "testdata/fixtures/images/photon-10.tar.gz", + name: "happy path, valid image path, photon 1.0", + imageTag: "photon:1.0-20190823", + wantOutputFile: "testdata/photon-10.json.golden", + testfile: "testdata/fixtures/images/photon-10.tar.gz", }, { - name: "happy path, valid image path, photon 2.0", - imageTag: "photon:2.0-20190726", - expectedOutputFile: "testdata/photon-20.json.golden", - testfile: "testdata/fixtures/images/photon-20.tar.gz", + name: "happy path, valid image path, photon 2.0", + imageTag: "photon:2.0-20190726", + wantOutputFile: "testdata/photon-20.json.golden", + testfile: "testdata/fixtures/images/photon-20.tar.gz", }, { - name: "happy path, valid image 
path, photon 3.0", - imageTag: "photon:3.0-20190823", - expectedOutputFile: "testdata/photon-30.json.golden", - testfile: "testdata/fixtures/images/photon-30.tar.gz", + name: "happy path, valid image path, photon 3.0", + imageTag: "photon:3.0-20190823", + wantOutputFile: "testdata/photon-30.json.golden", + testfile: "testdata/fixtures/images/photon-30.tar.gz", }, { - name: "buxybox with Cargo.lock integration", - imageTag: "busy-cargo:latest", - expectedOutputFile: "testdata/busybox-with-lockfile.json.golden", - testfile: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", + name: "buxybox with Cargo.lock integration", + imageTag: "busy-cargo:latest", + wantOutputFile: "testdata/busybox-with-lockfile.json.golden", + testfile: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", }, { - name: "sad path, invalid image", - invalidImage: true, - testfile: "badimage:latest", - expectedError: "unable to inspect the image (index.docker.io/library/badimage:latest)", + name: "sad path, invalid image", + invalidImage: true, + testfile: "badimage:latest", + wantError: "unable to inspect the image (index.docker.io/library/badimage:latest)", }, } @@ -276,9 +277,8 @@ func TestRun_WithDockerEngine(t *testing.T) { require.NoError(t, err, tc.name) } - of, err := os.CreateTemp("", "integration-docker-engine-output-file-*") - require.NoError(t, err, tc.name) - defer os.Remove(of.Name()) + tmpDir := t.TempDir() + output := filepath.Join(tmpDir, "result.json") // run trivy app := commands.NewApp("dev") @@ -288,7 +288,7 @@ func TestRun_WithDockerEngine(t *testing.T) { trivyArgs = append(trivyArgs, "image") } - trivyArgs = append(trivyArgs, []string{"--skip-update", "--format=json", "--output", of.Name()}...) + trivyArgs = append(trivyArgs, []string{"--skip-update", "--format=json", "--output", output}...) if tc.ignoreUnfixed { trivyArgs = append(trivyArgs, "--ignore-unfixed") 
@@ -308,20 +308,18 @@ func TestRun_WithDockerEngine(t *testing.T) { err = app.Run(trivyArgs) switch { - case tc.expectedError != "": + case tc.wantError != "": require.NotNil(t, err) - assert.Contains(t, err.Error(), tc.expectedError, tc.name) + assert.Contains(t, err.Error(), tc.wantError, tc.name) return default: assert.NoError(t, err, tc.name) } // check for vulnerability output info - got, err := io.ReadAll(of) - assert.NoError(t, err, tc.name) - want, err := os.ReadFile(tc.expectedOutputFile) - assert.NoError(t, err, tc.name) - assert.JSONEq(t, string(want), string(got), tc.name) + got := readReport(t, output) + want := readReport(t, tc.wantOutputFile) + assert.Equal(t, want, got) // cleanup _, err = cli.ImageRemove(ctx, tc.testfile, types.ImageRemoveOptions{ diff --git a/integration/fs_test.go b/integration/fs_test.go index 58ea5ed808..b64ad80220 100644 --- a/integration/fs_test.go +++ b/integration/fs_test.go @@ -6,11 +6,11 @@ package integration import ( "io" "os" + "path/filepath" "strings" "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/commands" ) @@ -118,15 +118,9 @@ func TestFilesystem(t *testing.T) { } // Setup the output file - var outputFile string + outputFile := filepath.Join(t.TempDir(), "output.json") if *update { outputFile = tt.golden - } else { - output, err := os.CreateTemp("", "integration") - require.NoError(t, err) - assert.Nil(t, output.Close()) - defer os.Remove(output.Name()) - outputFile = output.Name() } osArgs = append(osArgs, "--output", outputFile) @@ -140,12 +134,10 @@ func TestFilesystem(t *testing.T) { assert.Nil(t, app.Run(osArgs)) // Compare want and got - want, err := os.ReadFile(tt.golden) - assert.NoError(t, err) - got, err := os.ReadFile(outputFile) - assert.NoError(t, err) + want := readReport(t, tt.golden) + got := readReport(t, outputFile) - assert.JSONEq(t, string(want), string(got)) + assert.Equal(t, want, got) }) } } 
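Review bot: In `TestRun_WithDockerEngine`, the new `assert.Equal(t, want, got)` drops the `tc.name` message that the replaced `assert.JSONEq` call and the other assertions in this hunk pass, so a report mismatch is the one failure here that does not name its case. Keeping it consistent is a one-word change: `assert.Equal(t, want, got, tc.name)`. The enclosing function starts and ends outside the hunk.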
diff --git a/integration/integration_test.go b/integration/integration_test.go index 6c31bf1529..8346e1dae6 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -15,9 +15,11 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy-db/pkg/db" + "github.com/aquasecurity/trivy/pkg/report" ) var update = flag.Bool("update", false, "update golden files") @@ -85,3 +87,29 @@ func waitPort(ctx context.Context, addr string) error { } } } + +func readReport(t *testing.T, filePath string) report.Report { + t.Helper() + + f, err := os.Open(filePath) + require.NoError(t, err, filePath) + defer f.Close() + + var res report.Report + err = json.NewDecoder(f).Decode(&res) + require.NoError(t, err, filePath) + + // We don't compare history because the nano-seconds in "created" don't match + res.Metadata.ImageConfig.History = nil + + // We don't compare repo tags because the archive doesn't support it + res.Metadata.RepoTags = nil + + return res +} + +func compareReports(t *testing.T, wantFile, gotFile string) { + want := readReport(t, wantFile) + got := readReport(t, gotFile) + assert.Equal(t, want, got) +} diff --git a/integration/registry_test.go b/integration/registry_test.go index e69f0b6476..de5bb11d3b 100644 --- a/integration/registry_test.go +++ b/integration/registry_test.go @@ -26,7 +26,6 @@ import ( _ "github.com/aquasecurity/fanal/analyzer" testdocker "github.com/aquasecurity/trivy/integration/docker" "github.com/aquasecurity/trivy/pkg/commands" - "github.com/aquasecurity/trivy/pkg/report" ) const ( @@ -193,7 +192,7 @@ func TestRegistry(t *testing.T) { require.NoError(t, err) // 2. Scan it - resultFile, cleanup, err := scan(t, imageRef, baseDir, tc.golden, tc.option) + resultFile, err := scan(t, imageRef, baseDir, tc.golden, tc.option) if tc.wantErr != "" { require.NotNil(t, err) 
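Review bot: `readReport` decodes both files into `report.Report` before comparing, so a key in a golden file that the struct does not declare is dropped silently and no longer takes part in the comparison, which the previous `assert.JSONEq` on the raw bytes did cover. If the golden files allow it, make the decoder strict with `dec := json.NewDecoder(f)`, `dec.DisallowUnknownFields()` and `err = dec.Decode(&res)`; this is hedged because the field set of `report.Report` is not visible in this diff. Separately, `compareReports` should begin with `t.Helper()` as `readReport` does, so a mismatch is reported at the calling test's line rather than inside the helper.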
@@ -202,57 +201,40 @@ func TestRegistry(t *testing.T) { } else { require.NoError(t, err) } - defer cleanup() - // 3. Compare want and got - golden, err := os.Open(tc.golden) - assert.NoError(t, err) + // 3. Read want and got + want := readReport(t, tc.golden) + got := readReport(t, resultFile) - var want report.Results - err = json.NewDecoder(golden).Decode(&want) - require.NoError(t, err) + // 4 Update some dynamic fields + want.ArtifactName = s + for i := range want.Results { + want.Results[i].Target = fmt.Sprintf("%s (alpine 3.10.2)", s) + } + want.Metadata.RepoDigests = []string{ + fmt.Sprintf("%s/alpine@sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f", registryURL.Host), + } - result, err := os.Open(resultFile) - assert.NoError(t, err) - - var got report.Results - err = json.NewDecoder(result).Decode(&got) - require.NoError(t, err) - - assert.Equal(t, want[0].Vulnerabilities, got[0].Vulnerabilities) - assert.Equal(t, want[0].Vulnerabilities, got[0].Vulnerabilities) + // 5. 
Compare want and got + assert.Equal(t, want, got) }) } } -func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) (string, func(), error) { - cleanup := func() {} - +func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) (string, error) { // Set up testing DB cacheDir := gunzipDB(t) // Setup the output file - var outputFile string - if *update && goldenFile != "" { + outputFile := filepath.Join(t.TempDir(), "output.json") + if *update { outputFile = goldenFile - } else { - output, err := os.CreateTemp("", "integration") - if err != nil { - return "", cleanup, err - } - defer output.Close() - - outputFile = output.Name() - cleanup = func() { - os.Remove(outputFile) - } } // Setup env - if err := setupEnv(imageRef, baseDir, opt); err != nil { - return "", cleanup, err + if err := setupEnv(t, imageRef, baseDir, opt); err != nil { + return "", err } - defer unsetEnv() // Setup CLI App app := commands.NewApp("dev") @@ -262,15 +244,13 @@ func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt // Run Trivy if err := app.Run(osArgs); err != nil { - return "", cleanup, err + return "", err } - return outputFile, cleanup, nil + return outputFile, nil } -func setupEnv(imageRef name.Reference, baseDir string, opt registryOption) error { - if err := os.Setenv("TRIVY_INSECURE", "true"); err != nil { - return err - } +func setupEnv(t *testing.T, imageRef name.Reference, baseDir string, opt registryOption) error { + t.Setenv("TRIVY_INSECURE", "true") if opt.Username != "" && opt.Password != "" { if opt.RegistryToken { 
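Review bot: In `scan`, the new `if *update {` drops the `goldenFile != ""` guard the old code had, so running with `-update` on a case whose golden path is empty would set `outputFile` to an empty string instead of the temp file. Whether such cases exist is not visible in this hunk (the `tc.wantErr` branch in `TestRegistry` suggests they may), so keeping the guard is the safer form: `if *update && goldenFile != "" {`. The body of `scan` continues in the next hunk.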
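Review bot: `setupEnv` now changes the process-wide environment through `t.Setenv`, which panics if the test has called `t.Parallel`, and nothing on the function states that constraint. A doc comment would make it explicit, for example `// setupEnv sets the TRIVY_* variables for the current test with t.Setenv; callers must not run in parallel.` The same applies to the `t.Setenv` calls for `TRIVY_REGISTRY_TOKEN`, `TRIVY_USERNAME` and `TRIVY_PASSWORD` in the following hunk, since the function body spans both hunks.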
@@ -279,26 +259,10 @@ func setupEnv(imageRef name.Reference, baseDir string, opt registryOption) error if err != nil { return err } - if err := os.Setenv("TRIVY_REGISTRY_TOKEN", token); err != nil { - return err - } + t.Setenv("TRIVY_REGISTRY_TOKEN", token) } else { - if err := os.Setenv("TRIVY_USERNAME", opt.Username); err != nil { - return err - } - if err := os.Setenv("TRIVY_PASSWORD", opt.Password); err != nil { - return err - } - } - } - return nil -} - -func unsetEnv() error { - envs := []string{"TRIVY_INSECURE", "TRIVY_USERNAME", "TRIVY_PASSWORD", "TRIVY_REGISTRY_TOKEN"} - for _, e := range envs { - if err := os.Unsetenv(e); err != nil { - return err + t.Setenv("TRIVY_USERNAME", opt.Username) + t.Setenv("TRIVY_PASSWORD", opt.Password) } } return nil diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go index bf6ad35557..782e432073 100644 --- a/integration/standalone_tar_test.go +++ b/integration/standalone_tar_test.go @@ -6,6 +6,7 @@ package integration import ( "io" "os" + "path/filepath" "strings" "testing" @@ -381,7 +382,6 @@ func TestRun_WithTar(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { - osArgs := []string{"trivy"} osArgs = append(osArgs, "--cache-dir", cacheDir) if c.testArgs.WithImageSubcommand { @@ -423,14 +423,9 @@ func TestRun_WithTar(t *testing.T) { } // Setup the output file - var outputFile string + outputFile := filepath.Join(t.TempDir(), "output.json") if *update { outputFile = c.golden - } else { - output, _ := os.CreateTemp("", "integration") - assert.Nil(t, output.Close()) - defer os.Remove(output.Name()) - outputFile = output.Name() } osArgs = append(osArgs, []string{"--output", outputFile}...) 
@@ -439,12 +434,7 @@ func TestRun_WithTar(t *testing.T) { assert.Nil(t, app.Run(osArgs)) // Compare want and got - want, err := os.ReadFile(c.golden) - assert.NoError(t, err) - got, err := os.ReadFile(outputFile) - assert.NoError(t, err) - - assert.JSONEq(t, string(want), string(got)) + compareReports(t, c.golden, outputFile) }) } } diff --git a/integration/testdata/alpine-310-ignore-cveids.json.golden b/integration/testdata/alpine-310-ignore-cveids.json.golden index d975e50427..c0991bca8d 100644 --- a/integration/testdata/alpine-310-ignore-cveids.json.golden +++ b/integration/testdata/alpine-310-ignore-cveids.json.golden 
@@ -1,173 +1,223 @@ -[ - { - "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.10.2", + "EOSL": true + }, + "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", + "DiffIDs": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", + "created": "2019-08-20T20:19:55.211423266Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-20T20:19:55.062606894Z", + "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. 
Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" + { + "created": "2019-08-20T20:19:55.211423266Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ] }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel 
resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - 
"PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" + "Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + 
"VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + 
"Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + 
"FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/alpine-310-ignore-unfixed.json.golden b/integration/testdata/alpine-310-ignore-unfixed.json.golden index f2054794b3..da8f4b2fc9 100644 --- a/integration/testdata/alpine-310-ignore-unfixed.json.golden +++ b/integration/testdata/alpine-310-ignore-unfixed.json.golden 
@@ -1,325 +1,375 @@ -[ - { - "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.10.2", + "EOSL": true + }, + "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", + "DiffIDs": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", + "created": "2019-08-20T20:19:55.211423266Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-20T20:19:55.062606894Z", + "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" + { + "created": "2019-08-20T20:19:55.211423266Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ] }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. 
However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an 
attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. 
If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. 
Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or 
decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" + "Image": 
"sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": 
"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/alpine-310-medium-high.json.golden b/integration/testdata/alpine-310-medium-high.json.golden index 3291aad06f..bbe42b2d8c 100644 --- a/integration/testdata/alpine-310-medium-high.json.golden 
+++ b/integration/testdata/alpine-310-medium-high.json.golden 
@@ -1,245 +1,295 @@ -[ - { - "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.10.2", + "EOSL": true + }, + "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", + "DiffIDs": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", + "created": "2019-08-20T20:19:55.211423266Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-20T20:19:55.062606894Z", + "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" + { + "created": "2019-08-20T20:19:55.211423266Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ] }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. 
However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an 
attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in 
RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": 
{ - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" + 
"Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. 
However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. 
Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: 
information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index c76d8ae5b6..d3c3c0cae0 100644 
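Review bot: The new `Metadata.ImageConfig` object in alpine-310-medium-high.json.golden copies the image's `history[].created_by` strings and `config.Env` list into the JSON report verbatim, and nothing visible here documents that. The values in this Alpine fixture are harmless, but in real images these fields can carry build arguments or environment values that include credentials, which a report would then take to wherever it is stored or uploaded. The code that writes the report is not part of this hunk, so whether any filtering happens is not visible from here. If emitting the full config is intended, the schema notes for `SchemaVersion: 2` should state that a report is as sensitive as the image configuration, and a test fixture with a populated `Env` would pin the intended behaviour.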
--- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden 
@@ -1,333 +1,383 @@ -[ - { - "Target": "localhost:32779/alpine:3.10 (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.10.2", + "EOSL": true + }, + "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", + "DiffIDs": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", + "created": "2019-08-20T20:19:55.211423266Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-20T20:19:55.062606894Z", + "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. 
If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" + { + "created": "2019-08-20T20:19:55.211423266Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ] }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. 
Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": 
"sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - 
"SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - 
"SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" + "Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + 
"VulnerabilityID": "CVE-2019-1549", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. 
Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA 
encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a 
co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": 
"2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. 
Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted 
message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present 
and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + 
}
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden
index f2054794b3..da8f4b2fc9 100644
--- a/integration/testdata/alpine-310.json.golden
+++ b/integration/testdata/alpine-310.json.golden
@@ -1,325 +1,375 @@ -[ - { - "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.10.2", + "EOSL": true + }, + "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", + "DiffIDs": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", + "created": "2019-08-20T20:19:55.211423266Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-20T20:19:55.062606894Z", + "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" + { + "created": "2019-08-20T20:19:55.211423266Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + ] }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. 
However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an 
attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. 
If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. 
Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or 
decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" + "Image": 
"sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": 
"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1c-r0", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden index 07e5590fef..67920b552e 100644 --- a/integration/testdata/alpine-39.json.golden +++ b/integration/testdata/alpine-39.json.golden 
@@ -1,385 +1,435 @@ -[ - { - "Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.9.4", + "EOSL": true + }, + "ImageID": "sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1", + "DiffIDs": [ + "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "c10d36fa368a7ea673683682666758adf35efe98e10989505f4f566b5b18538f", + "created": "2019-05-11T00:07:03.510395965Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-05-11T00:07:03.358250803Z", + "created_by": "/bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" + { + "created": "2019-05-11T00:07:03.510395965Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + ] }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. 
However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" + "config": { + "Cmd": [ + "/bin/sh" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an 
attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libcrypto1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. 
If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r2", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. 
Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or 
decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.1b-r1", - "FixedVersion": "1.1.1d-r0", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14697", - 
"PkgName": "musl", - "InstalledVersion": "1.1.20-r4", - "FixedVersion": "1.1.20-r5", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", - "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2019/08/06/4", - "https://www.openwall.com/lists/musl/2019/08/06/1" - ], - "PublishedDate": "2019-08-06T16:15:00Z", - "LastModifiedDate": "2019-08-14T17:28:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14697", - "PkgName": "musl-utils", - "InstalledVersion": "1.1.20-r4", - "FixedVersion": "1.1.20-r5", - "Layer": { - "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", - "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. 
In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2019/08/06/4", - "https://www.openwall.com/lists/musl/2019/08/06/1" - ], - "PublishedDate": "2019-08-06T16:15:00Z", - "LastModifiedDate": "2019-08-14T17:28:00Z" + "Image": "sha256:09f2bbe58e774849d74dc1391c2e01731896c745c4aba1ecf69a283bdb4b537a", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)", + "Class": "os-pkgs", + "Type": "alpine", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libcrypto1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1549", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": 
"sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", + "Title": "openssl: information disclosure in fork()", + "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-330" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://support.f5.com/csp/article/K44070243", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r2", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1b-r1", + "FixedVersion": "1.1.1d-r0", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14697", + "PkgName": "musl", + "InstalledVersion": "1.1.20-r4", + "FixedVersion": "1.1.20-r5", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", + 
"Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2019/08/06/4", + "https://www.openwall.com/lists/musl/2019/08/06/1" + ], + "PublishedDate": "2019-08-06T16:15:00Z", + "LastModifiedDate": "2019-08-14T17:28:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14697", + "PkgName": "musl-utils", + "InstalledVersion": "1.1.20-r4", + "FixedVersion": "1.1.20-r5", + "Layer": { + "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", + "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2019/08/06/4", + "https://www.openwall.com/lists/musl/2019/08/06/1" + ], + "PublishedDate": "2019-08-06T16:15:00Z", + "LastModifiedDate": "2019-08-14T17:28:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden index d4a66f07cc..ceabefcd39 100644 --- a/integration/testdata/amazon-1.json.golden 
+++ b/integration/testdata/amazon-1.json.golden 
@@ -1,670 +1,719 @@ -[ - { - "Target": "testdata/fixtures/images/amazon-1.tar.gz (amazon AMI release 2018.03)", - "Class": "os-pkgs", - "Type": "amazon", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl", - "InstalledVersion": "7.61.1-11.91.amzn1", - "FixedVersion": "7.61.1-12.93.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "amazon", + "Name": "AMI release 2018.03" + }, + "ImageID": "sha256:961c4ee06269351d858969ea0426878675ed708d3a140246eabbc0bfc352bffa", + "DiffIDs": [ + "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "ef1b126795001e9b4bdc14a01180e4d8146282d279f53e05adfaa8195ecda20e", + "created": "2019-09-05T23:37:46.854286502Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-09-05T23:37:46.575366692Z", + "created_by": "/bin/sh -c #(nop) ADD file:45ed06ba8960dec70e01e809fe38df2718d4b16aa2b0f88835522d8366de71e3 in / " }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" + { + "created": "2019-09-05T23:37:46.854286502Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + ] }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.61.1-11.91.amzn1", - "FixedVersion": "7.61.1-12.93.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18218", - "PkgName": "file-libs", - "InstalledVersion": "5.34-3.37.amzn1", - "FixedVersion": "5.37-8.48.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", - "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", - "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", - "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", - "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", - "https://usn.ubuntu.com/4172-1/", - "https://usn.ubuntu.com/4172-2/", - "https://usn.ubuntu.com/usn/usn-4172-1", - "https://usn.ubuntu.com/usn/usn-4172-2", - 
"https://www.debian.org/security/2019/dsa-4550" - ], - "PublishedDate": "2019-10-21T05:15:00Z", - "LastModifiedDate": "2019-10-26T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.175.amzn1", - "FixedVersion": "2.17-292.178.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.175.amzn1", - "FixedVersion": 
"2.17-292.178.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-11.91.amzn1", - "FixedVersion": "7.61.1-12.93.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of 
realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-11.91.amzn1", - "FixedVersion": "7.61.1-12.93.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - 
"https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12290", - "PkgName": "libidn2", - "InstalledVersion": "0.16-1.2.amzn1", - "FixedVersion": "2.3.0-1.4.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", - "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", - "https://gitlab.com/libidn/libidn2/merge_requests/71", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-22T16:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2", - "InstalledVersion": "0.16-1.2.amzn1", - "FixedVersion": "2.3.0-1.4.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9511", - "PkgName": "libnghttp2", - "InstalledVersion": "1.21.1-1.4.amzn1", - "FixedVersion": "1.31.1-2.5.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9511", - "Title": "HTTP/2: large amount of data requests leads to denial of service", - "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9511.html", - "http://linux.oracle.com/errata/ELSA-2019-2925.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", - "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", - "https://kb.cert.org/vuls/id/605641/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", - "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", - "https://seclists.org/bugtraq/2019/Aug/40", - "https://security.netapp.com/advisory/ntap-20190823-0002/", - "https://security.netapp.com/advisory/ntap-20190823-0005/", - "https://support.f5.com/csp/article/K02591030", - "https://usn.ubuntu.com/4099-1/", - "https://usn.ubuntu.com/usn/usn-4099-1", - "https://www.debian.org/security/2019/dsa-4505", - "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", - 
"https://www.synology.com/security/advisory/Synology_SA_19_33" - ], - "PublishedDate": "2019-08-13T21:15:00Z", - "LastModifiedDate": "2019-08-23T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9513", - "PkgName": "libnghttp2", - "InstalledVersion": "1.21.1-1.4.amzn1", - "FixedVersion": "1.31.1-2.5.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9513", - "Title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", - "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9513.html", - "http://linux.oracle.com/errata/ELSA-2019-2925.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", - "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", - "https://kb.cert.org/vuls/id/605641/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", - "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", - "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", - "https://seclists.org/bugtraq/2019/Aug/40", - "https://security.netapp.com/advisory/ntap-20190823-0002/", - "https://security.netapp.com/advisory/ntap-20190823-0005/", - "https://support.f5.com/csp/article/K02591030", - "https://usn.ubuntu.com/4099-1/", - "https://usn.ubuntu.com/usn/usn-4099-1", - "https://www.debian.org/security/2019/dsa-4505", - "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", - "https://www.synology.com/security/advisory/Synology_SA_19_33" - ], - "PublishedDate": "2019-08-13T21:15:00Z", - "LastModifiedDate": "2019-08-23T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1:1.0.2k-16.150.amzn1", - "FixedVersion": "1:1.0.2k-16.151.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python27", - "InstalledVersion": "2.7.16-1.129.amzn1", - "FixedVersion": "2.7.16-1.130.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. 
An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python27", - "InstalledVersion": "2.7.16-1.129.amzn1", - "FixedVersion": "2.7.16-1.131.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the 
documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python27-libs", - "InstalledVersion": "2.7.16-1.129.amzn1", - "FixedVersion": "2.7.16-1.130.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python27-libs", - "InstalledVersion": "2.7.16-1.129.amzn1", - "FixedVersion": "2.7.16-1.131.amzn1", - "Layer": { - "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" - }, - "SeveritySource": "amazon", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" + "Image": "sha256:8db654f611aca1693ac658bd981ee35e4b6517e6ef74fa608c4b3b3595a986c8", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/amazon-1.tar.gz (amazon AMI release 2018.03)", + "Class": "os-pkgs", + "Type": "amazon", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Layer": { + "DiffID": 
"sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18218", + "PkgName": "file-libs", + "InstalledVersion": "5.34-3.37.amzn1", + "FixedVersion": "5.37-8.48.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", + "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", + "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", + "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", + "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", + "https://usn.ubuntu.com/4172-1/", + "https://usn.ubuntu.com/4172-2/", + "https://usn.ubuntu.com/usn/usn-4172-1", + "https://usn.ubuntu.com/usn/usn-4172-2", + "https://www.debian.org/security/2019/dsa-4550" + ], + "PublishedDate": "2019-10-21T05:15:00Z", + "LastModifiedDate": "2019-10-26T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.175.amzn1", + "FixedVersion": "2.17-292.178.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + 
"https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.175.amzn1", + "FixedVersion": "2.17-292.178.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": 
"2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the 
TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12290", + "PkgName": "libidn2", + "InstalledVersion": "0.16-1.2.amzn1", + "FixedVersion": "2.3.0-1.4.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", + "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", + "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", + "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", + "https://gitlab.com/libidn/libidn2/merge_requests/71", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-22T16:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2", + "InstalledVersion": "0.16-1.2.amzn1", + "FixedVersion": "2.3.0-1.4.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9511", + "PkgName": "libnghttp2", + "InstalledVersion": "1.21.1-1.4.amzn1", + "FixedVersion": "1.31.1-2.5.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9511", + "Title": "HTTP/2: large amount of data requests leads to denial of service", + "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9511.html", + "http://linux.oracle.com/errata/ELSA-2019-2925.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://usn.ubuntu.com/usn/usn-4099-1", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + 
"https://www.synology.com/security/advisory/Synology_SA_19_33" + ], + "PublishedDate": "2019-08-13T21:15:00Z", + "LastModifiedDate": "2019-08-23T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9513", + "PkgName": "libnghttp2", + "InstalledVersion": "1.21.1-1.4.amzn1", + "FixedVersion": "1.31.1-2.5.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9513", + "Title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", + "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9513.html", + "http://linux.oracle.com/errata/ELSA-2019-2925.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://usn.ubuntu.com/usn/usn-4099-1", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ], + "PublishedDate": "2019-08-13T21:15:00Z", + "LastModifiedDate": "2019-08-23T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1:1.0.2k-16.150.amzn1", + "FixedVersion": "1:1.0.2k-16.151.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python27", + "InstalledVersion": "2.7.16-1.129.amzn1", + "FixedVersion": "2.7.16-1.130.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. 
An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python27", + "InstalledVersion": "2.7.16-1.129.amzn1", + "FixedVersion": "2.7.16-1.131.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the 
documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python27-libs", + "InstalledVersion": "2.7.16-1.129.amzn1", + "FixedVersion": "2.7.16-1.130.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python27-libs", + "InstalledVersion": "2.7.16-1.129.amzn1", + "FixedVersion": "2.7.16-1.131.amzn1", + "Layer": { + "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" + }, + "SeveritySource": "amazon", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden index 1c7471c02e..5d809336f2 100644 --- a/integration/testdata/amazon-2.json.golden +++ b/integration/testdata/amazon-2.json.golden 
@@ -1,3509 +1,3558 @@ -[ - { - "Target": "testdata/fixtures/images/amazon-2.tar.gz (amazon 2 (Karoo))", - "Class": "os-pkgs", - "Type": "amazon", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-12.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-12.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer 
overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5435", - "PkgName": "curl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-11.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5435", - "Title": "curl: Integer overflows in curl_url_set() function", - "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - 
"References": [ - "https://curl.haxx.se/docs/CVE-2019-5435.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-11.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": 
"2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": 
"sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" 
- ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.170-4.amzn2", - "FixedVersion": "0.176-2.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18218", - "PkgName": "file-libs", - "InstalledVersion": "5.11-33.amzn2.0.2", - "FixedVersion": "5.11-35.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", - "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", - "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - 
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", - "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", - "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", - "https://usn.ubuntu.com/4172-1/", - "https://usn.ubuntu.com/4172-2/", - "https://usn.ubuntu.com/usn/usn-4172-1", - "https://usn.ubuntu.com/usn/usn-4172-2", - "https://www.debian.org/security/2019/dsa-4550" - ], - "PublishedDate": "2019-10-21T05:15:00Z", - "LastModifiedDate": "2019-10-26T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.54.2-2.amzn2", - "FixedVersion": "2.56.1-4.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-12.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-12.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5435", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-11.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5435", - "Title": "curl: Integer overflows in curl_url_set() function", - "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "https://curl.haxx.se/docs/CVE-2019-5435.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-9.amzn2.0.1", - "FixedVersion": "7.61.1-11.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - 
"Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12290", - "PkgName": "libidn2", - "InstalledVersion": "2.0.4-1.amzn2.0.2", - "FixedVersion": "2.3.0-1.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", - "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", - "https://gitlab.com/libidn/libidn2/merge_requests/71", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-22T16:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2", - "InstalledVersion": "2.0.4-1.amzn2.0.2", - "FixedVersion": "2.3.0-1.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9511", - "PkgName": "libnghttp2", - "InstalledVersion": "1.31.1-1.amzn2.0.2", - "FixedVersion": "1.39.2-1.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9511", - "Title": "HTTP/2: large amount of data requests leads to denial of service", - "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9511.html", - "http://linux.oracle.com/errata/ELSA-2019-2925.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", - "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", - "https://kb.cert.org/vuls/id/605641/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", - "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", - "https://seclists.org/bugtraq/2019/Aug/40", - "https://security.netapp.com/advisory/ntap-20190823-0002/", - "https://security.netapp.com/advisory/ntap-20190823-0005/", - "https://support.f5.com/csp/article/K02591030", - "https://usn.ubuntu.com/4099-1/", - "https://usn.ubuntu.com/usn/usn-4099-1", - "https://www.debian.org/security/2019/dsa-4505", - "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", - 
"https://www.synology.com/security/advisory/Synology_SA_19_33" - ], - "PublishedDate": "2019-08-13T21:15:00Z", - "LastModifiedDate": "2019-08-23T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9513", - "PkgName": "libnghttp2", - "InstalledVersion": "1.31.1-1.amzn2.0.2", - "FixedVersion": "1.39.2-1.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9513", - "Title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", - "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9513.html", - "http://linux.oracle.com/errata/ELSA-2019-2925.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", - "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", - "https://kb.cert.org/vuls/id/605641/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", - "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", - "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", - "https://seclists.org/bugtraq/2019/Aug/40", - "https://security.netapp.com/advisory/ntap-20190823-0002/", - "https://security.netapp.com/advisory/ntap-20190823-0005/", - "https://support.f5.com/csp/article/K02591030", - "https://usn.ubuntu.com/4099-1/", - "https://usn.ubuntu.com/usn/usn-4099-1", - "https://www.debian.org/security/2019/dsa-4505", - "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", - "https://www.synology.com/security/advisory/Synology_SA_19_33" - ], - "PublishedDate": "2019-08-13T21:15:00Z", - "LastModifiedDate": "2019-08-23T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.amzn2.2", - "FixedVersion": "1.4.3-12.amzn2.2.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - 
"InstalledVersion": "1.4.3-12.amzn2.2", - "FixedVersion": "1.4.3-12.amzn2.2.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.amzn2.2", - "FixedVersion": "1.4.3-12.amzn2.2.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.amzn2.3.2", - "FixedVersion": "2.9.1-6.amzn2.3.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - 
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.amzn2.3.2", - "FixedVersion": "2.9.1-6.amzn2.3.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability 
in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-8.20170212.amzn2.1.2", - "FixedVersion": "6.0-8.20170212.amzn2.1.3", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting 
with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-4.amzn2.0.2", - 
"Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - 
"https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-4.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.amzn2", - "FixedVersion": "3.44.0-8.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.amzn2", - "FixedVersion": "3.44.0-8.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When 
encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.amzn2", - 
"FixedVersion": "3.44.0-8.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.amzn2", - "FixedVersion": "3.44.0-8.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - 
"https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-4.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": 
"ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - 
"https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-4.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-7.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When 
encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": 
"3.44.0-4.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - 
"https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.amzn2", - "FixedVersion": "3.44.0-4.amzn2.0.2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.amzn2.1.1", - "FixedVersion": "1:1.0.2k-19.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.amzn2.1.1", - 
"FixedVersion": "1:1.0.2k-19.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - "https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": 
"2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - 
"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1061", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - 
"https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20406", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20406", - "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", - "Description": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.9 - } - }, - "References": [ - "https://bugs.python.org/issue34656", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", - "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", - "https://security.netapp.com/advisory/ntap-20190416-0010/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2018-12-23T23:29:00Z", - "LastModifiedDate": "2019-04-16T06:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-2.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-4.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-3.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic backtracking in apop() method 
in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1061", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - 
"https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20406", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20406", - "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", - "Description": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.9 - } - }, - "References": [ - "https://bugs.python.org/issue34656", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", - "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", - "https://security.netapp.com/advisory/ntap-20190416-0010/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2018-12-23T23:29:00Z", - "LastModifiedDate": "2019-04-16T06:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-2.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. 
cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-1.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-4.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.7.14-58.amzn2.0.4", - "FixedVersion": "2.7.16-3.amzn2.0.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.amzn2.0.2", - "FixedVersion": "3.7.17-8.amzn2.1.1", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of 
bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-4.amzn2.0.16", - "FixedVersion": "2:8.1.1602-1.amzn2", - "Layer": { - "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" - }, - "SeveritySource": "amazon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "amazon", + "Name": "2 (Karoo)" + }, + "ImageID": 
"sha256:b94321659aca6a89cb7650a5b864bc8ec4bf62c620b8f1a01530c2e90a88c391", + "DiffIDs": [ + "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "e020a5508b9f809b29659128692cd634e3d4fba3f2c13d2029d797317b5c3a56", + "created": "2019-05-23T22:20:00.121624838Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-05-23T22:19:59.161963646Z", + "created_by": "/bin/sh -c #(nop) ADD file:3cf811fe5073384ff1d5f405992ef7e5e452ad6d4a4cb873eee65007382f3a4a in / " + }, + { + "created": "2019-05-23T22:20:00.121624838Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + ] + }, + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:648b8b37f8b5087423bec7f4331271253f8aff63154761a67c22cd0c3ba2661b", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/amazon-2.tar.gz (amazon 2 (Karoo))", + "Class": "os-pkgs", + "Type": "amazon", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-12.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-12.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5435", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5435", + "Title": "curl: Integer overflows in curl_url_set() function", + "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://curl.haxx.se/docs/CVE-2019-5435.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": 
"curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + 
], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + 
"SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause 
a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.170-4.amzn2", + "FixedVersion": "0.176-2.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18218", + "PkgName": "file-libs", + "InstalledVersion": "5.11-33.amzn2.0.2", + "FixedVersion": "5.11-35.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", + "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", + "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + 
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", + "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", + "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", + "https://usn.ubuntu.com/4172-1/", + "https://usn.ubuntu.com/4172-2/", + "https://usn.ubuntu.com/usn/usn-4172-1", + "https://usn.ubuntu.com/usn/usn-4172-2", + "https://www.debian.org/security/2019/dsa-4550" + ], + "PublishedDate": "2019-10-21T05:15:00Z", + "LastModifiedDate": "2019-10-26T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12450", + "PkgName": "glib2", + "InstalledVersion": "2.54.2-2.amzn2", + "FixedVersion": "2.56.1-4.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", + "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", + "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12450.html", + "http://linux.oracle.com/errata/ELSA-2019-3530.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", + "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", + "https://security.netapp.com/advisory/ntap-20190606-0003/", + "https://usn.ubuntu.com/4014-1/", + "https://usn.ubuntu.com/4014-2/", + "https://usn.ubuntu.com/usn/usn-4014-1", + "https://usn.ubuntu.com/usn/usn-4014-2" + ], + "PublishedDate": "2019-05-29T17:29:00Z", + "LastModifiedDate": "2019-06-11T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-12.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-12.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5435", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5435", + "Title": "curl: Integer overflows in curl_url_set() function", + "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://curl.haxx.se/docs/CVE-2019-5435.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + 
"Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12290", + "PkgName": "libidn2", + "InstalledVersion": "2.0.4-1.amzn2.0.2", + "FixedVersion": "2.3.0-1.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", + "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", + "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", + "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", + "https://gitlab.com/libidn/libidn2/merge_requests/71", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-22T16:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2", + "InstalledVersion": "2.0.4-1.amzn2.0.2", + "FixedVersion": "2.3.0-1.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9511", + "PkgName": "libnghttp2", + "InstalledVersion": "1.31.1-1.amzn2.0.2", + "FixedVersion": "1.39.2-1.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9511", + "Title": "HTTP/2: large amount of data requests leads to denial of service", + "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9511.html", + "http://linux.oracle.com/errata/ELSA-2019-2925.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://usn.ubuntu.com/usn/usn-4099-1", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + 
"https://www.synology.com/security/advisory/Synology_SA_19_33" + ], + "PublishedDate": "2019-08-13T21:15:00Z", + "LastModifiedDate": "2019-08-23T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9513", + "PkgName": "libnghttp2", + "InstalledVersion": "1.31.1-1.amzn2.0.2", + "FixedVersion": "1.39.2-1.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9513", + "Title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", + "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9513.html", + "http://linux.oracle.com/errata/ELSA-2019-2925.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://usn.ubuntu.com/usn/usn-4099-1", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ], + "PublishedDate": "2019-08-13T21:15:00Z", + "LastModifiedDate": "2019-08-23T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3858.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://github.com/libssh2/libssh2/pull/316", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + 
"InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3861.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3861.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", + "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3862.html", + "http://linux.oracle.com/errata/ELSA-2019-4693.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3862.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.amzn2.3.2", + "FixedVersion": "2.9.1-6.amzn2.3.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + 
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.amzn2.3.2", + "FixedVersion": "2.9.1-6.amzn2.3.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability 
in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting 
with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + 
"Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + 
"https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.amzn2", + "FixedVersion": "3.44.0-8.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.amzn2", + "FixedVersion": "3.44.0-8.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When 
encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.amzn2", + 
"FixedVersion": "3.44.0-8.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.amzn2", + "FixedVersion": "3.44.0-8.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + 
"https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": 
"ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + 
"https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-7.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When 
encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": 
"3.44.0-4.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + 
"https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.amzn2.1.1", + "FixedVersion": "1:1.0.2k-19.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.amzn2.1.1", + 
"FixedVersion": "1:1.0.2k-19.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": 
"2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", + "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1060.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + 
"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-06-18T14:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1061", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1061.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + 
"https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-06-19T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20406", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20406", + "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", + "Description": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://bugs.python.org/issue34656", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", + "https://security.netapp.com/advisory/ntap-20190416-0010/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2018-12-23T23:29:00Z", + "LastModifiedDate": "2019-04-16T06:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-2.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-4.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-3.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", + "Title": "python: DOS via regular expression catastrophic backtracking in apop() method 
in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1060.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-06-18T14:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1061", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1061.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + 
"https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-06-19T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20406", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20406", + "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", + "Description": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://bugs.python.org/issue34656", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", + "https://security.netapp.com/advisory/ntap-20190416-0010/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2018-12-23T23:29:00Z", + "LastModifiedDate": "2019-04-16T06:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-2.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. 
cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-4.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. 
The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-3.amzn2.0.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.amzn2.0.2", + "FixedVersion": "3.7.17-8.amzn2.1.1", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of 
bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-4.amzn2.0.16", + "FixedVersion": "2:8.1.1602-1.amzn2", + "Layer": { + "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" + }, + "SeveritySource": "amazon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12735.html", + "http://linux.oracle.com/errata/ELSA-2019-1774.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://usn.ubuntu.com/usn/usn-4016-1", + "https://usn.ubuntu.com/usn/usn-4016-2", + "https://www.debian.org/security/2019/dsa-4467" + ], + "PublishedDate": "2019-06-05T14:29:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden index f19bcd7dba..48169f2935 100644 
--- a/integration/testdata/busybox-with-lockfile.json.golden
+++ b/integration/testdata/busybox-with-lockfile.json.golden
@@ -1,136 +1,186 @@ -[ - { - "Target": "Cargo.lock", - "Class": "lang-pkgs", - "Type": "cargo", - "Vulnerabilities": [ - { - "VulnerabilityID": "RUSTSEC-2019-0001", - "PkgName": "ammonia", - "InstalledVersion": "1.9.0", - "FixedVersion": "\u003e= 2.1.0", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "ImageID": "sha256:17c82adee8b5ffec7d6e30dba333bb37986add86afeb4a07754407bb049faedb", + "DiffIDs": [ + "sha256:a6d503001157aedc826853f9b67f26d35966221b158bff03849868ae4a821116", + "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + ], + "ImageConfig": { + "architecture": "amd64", + "created": "2020-04-26T16:23:28.996276377Z", + "docker_version": "19.03.8", + "history": [ + { + "created": "2020-03-10T00:19:32.83969331Z", + "created_by": "/bin/sh -c #(nop) ADD file:450bea8cddb743ed282cb1ade3d1614033172b93ef531c69a4e49fda3016cef0 in / " }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0001", - "Title": "Uncontrolled recursion leads to abort in HTML serialization", - "Description": "Affected versions of this crate did use recursion for serialization of HTML\nDOM trees.\n\nThis allows an attacker to cause abort due to stack overflow by providing\na pathologically nested input.\n\nThe flaw was corrected by serializing the DOM tree iteratively instead.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210" + { + "created": "2020-03-10T00:19:33.019716493Z", + "created_by": "/bin/sh -c #(nop) CMD [\"sh\"]", + "empty_layer": true + }, + { + "created": "2020-04-26T16:23:28.996276377Z", + "created_by": "/bin/sh -c #(nop) ADD 343df0159abcc51b06b4e56bfd4c06d2003b88947ed93b0cec6214ae5985669e in . 
" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:a6d503001157aedc826853f9b67f26d35966221b158bff03849868ae4a821116", + "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" ] }, - { - "VulnerabilityID": "RUSTSEC-2016-0001", - "PkgName": "openssl", - "InstalledVersion": "0.8.3", - "FixedVersion": "\u003e= 0.9.0", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2016-0001", - "Title": "SSL/TLS MitM vulnerability due to insecure defaults", - "Description": "All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults\nincluding off-by-default certificate verification and no API to perform hostname\nverification.\n\nUnless configured correctly by a developer, these defaults could allow an attacker\nto perform man-in-the-middle attacks.\n\nThe problem was addressed in newer versions by enabling certificate verification\nby default and exposing APIs to perform hostname verification. 
Use the\n`SslConnector` and `SslAcceptor` types to take advantage of these new features\n(as opposed to the lower-level `SslContext` type).", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2019-0035", - "PkgName": "rand_core", - "InstalledVersion": "0.3.1", - "FixedVersion": "\u003e= 0.4.2", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0035", - "Title": "Unaligned memory access", - "Description": "Affected versions of this crate violated alignment when casting byte slices to\ninteger slices, resulting in undefined behavior.\n\nThe flaw was corrected by Ralf Jung and Diggory Hardy.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2019-0035", - "PkgName": "rand_core", - "InstalledVersion": "0.4.0", - "FixedVersion": "\u003e= 0.4.2", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0035", - "Title": "Unaligned memory access", - "Description": "Affected versions of this crate violated alignment when casting byte slices to\ninteger slices, resulting in undefined behavior.\n\nThe flaw was corrected by Ralf Jung and Diggory Hardy.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2018-0018", - "PkgName": "smallvec", - "InstalledVersion": "0.6.9", - "FixedVersion": "\u003e= 0.6.13", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2018-0018", - "Title": "smallvec creates 
uninitialized value of any type", - "Description": "Affected versions of this crate called `mem::uninitialized()` to create values of a user-supplied type `T`.\nThis is unsound e.g. if `T` is a reference type (which must be non-null and thus may not remain uninitialized).\n \nThe flaw was corrected by avoiding the use of `mem::uninitialized()`, using `MaybeUninit` instead.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/servo/rust-smallvec/issues/126" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2019-0009", - "PkgName": "smallvec", - "InstalledVersion": "0.6.9", - "FixedVersion": "\u003e= 0.6.10", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0009", - "Title": "Double-free and use-after-free in SmallVec::grow()", - "Description": "Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. 
This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.\n\nAn attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.\n\nCredits to @ehuss for discovering, reporting and fixing the bug.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/servo/rust-smallvec/issues/148" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2019-0012", - "PkgName": "smallvec", - "InstalledVersion": "0.6.9", - "FixedVersion": "\u003e= 0.6.10", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0012", - "Title": "Memory corruption in SmallVec::grow()", - "Description": "Attempting to call `grow` on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures.\n\nAn attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.\n\nCredits to @ehuss for discovering, reporting and fixing the bug.", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/servo/rust-smallvec/issues/149" - ] - }, - { - "VulnerabilityID": "RUSTSEC-2018-0017", - "PkgName": "tempdir", - "InstalledVersion": "0.3.7", - "Layer": { - "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" - }, - "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2018-0017", - "Title": "`tempdir` crate has been deprecated; use `tempfile` instead", - "Description": "The [`tempdir`](https://crates.io/crates/tempdir) crate has been deprecated\nand the functionality is merged into [`tempfile`](https://crates.io/crates/tempfile).", - "Severity": "UNKNOWN", - "References": [ - "https://github.com/rust-lang-deprecated/tempdir/pull/46" - ] + "config": { + "Cmd": [ + "sh" + ], + "Env": [ + 
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:83aa35aa1c79e4b6957e018da6e322bfca92bf3b4696a211b42502543c242d6f", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "Cargo.lock", + "Class": "lang-pkgs", + "Type": "cargo", + "Vulnerabilities": [ + { + "VulnerabilityID": "RUSTSEC-2019-0001", + "PkgName": "ammonia", + "InstalledVersion": "1.9.0", + "FixedVersion": "\u003e= 2.1.0", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0001", + "Title": "Uncontrolled recursion leads to abort in HTML serialization", + "Description": "Affected versions of this crate did use recursion for serialization of HTML\nDOM trees.\n\nThis allows an attacker to cause abort due to stack overflow by providing\na pathologically nested input.\n\nThe flaw was corrected by serializing the DOM tree iteratively instead.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2016-0001", + "PkgName": "openssl", + "InstalledVersion": "0.8.3", + "FixedVersion": "\u003e= 0.9.0", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2016-0001", + "Title": "SSL/TLS MitM vulnerability due to insecure defaults", + "Description": "All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults\nincluding off-by-default certificate verification and no API to perform hostname\nverification.\n\nUnless configured correctly by a developer, these defaults could allow an attacker\nto perform man-in-the-middle attacks.\n\nThe problem was addressed in newer versions by enabling certificate verification\nby default and exposing APIs to perform hostname verification. 
Use the\n`SslConnector` and `SslAcceptor` types to take advantage of these new features\n(as opposed to the lower-level `SslContext` type).", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2019-0035", + "PkgName": "rand_core", + "InstalledVersion": "0.3.1", + "FixedVersion": "\u003e= 0.4.2", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0035", + "Title": "Unaligned memory access", + "Description": "Affected versions of this crate violated alignment when casting byte slices to\ninteger slices, resulting in undefined behavior.\n\nThe flaw was corrected by Ralf Jung and Diggory Hardy.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2019-0035", + "PkgName": "rand_core", + "InstalledVersion": "0.4.0", + "FixedVersion": "\u003e= 0.4.2", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0035", + "Title": "Unaligned memory access", + "Description": "Affected versions of this crate violated alignment when casting byte slices to\ninteger slices, resulting in undefined behavior.\n\nThe flaw was corrected by Ralf Jung and Diggory Hardy.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2018-0018", + "PkgName": "smallvec", + "InstalledVersion": "0.6.9", + "FixedVersion": "\u003e= 0.6.13", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2018-0018", + "Title": "smallvec creates 
uninitialized value of any type", + "Description": "Affected versions of this crate called `mem::uninitialized()` to create values of a user-supplied type `T`.\nThis is unsound e.g. if `T` is a reference type (which must be non-null and thus may not remain uninitialized).\n \nThe flaw was corrected by avoiding the use of `mem::uninitialized()`, using `MaybeUninit` instead.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/servo/rust-smallvec/issues/126" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2019-0009", + "PkgName": "smallvec", + "InstalledVersion": "0.6.9", + "FixedVersion": "\u003e= 0.6.10", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0009", + "Title": "Double-free and use-after-free in SmallVec::grow()", + "Description": "Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. 
This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.\n\nAn attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.\n\nCredits to @ehuss for discovering, reporting and fixing the bug.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/servo/rust-smallvec/issues/148" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2019-0012", + "PkgName": "smallvec", + "InstalledVersion": "0.6.9", + "FixedVersion": "\u003e= 0.6.10", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2019-0012", + "Title": "Memory corruption in SmallVec::grow()", + "Description": "Attempting to call `grow` on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures.\n\nAn attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.\n\nCredits to @ehuss for discovering, reporting and fixing the bug.", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/servo/rust-smallvec/issues/149" + ] + }, + { + "VulnerabilityID": "RUSTSEC-2018-0017", + "PkgName": "tempdir", + "InstalledVersion": "0.3.7", + "Layer": { + "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" + }, + "PrimaryURL": "https://rustsec.org/advisories/RUSTSEC-2018-0017", + "Title": "`tempdir` crate has been deprecated; use `tempfile` instead", + "Description": "The [`tempdir`](https://crates.io/crates/tempdir) crate has been deprecated\nand the functionality is merged into [`tempfile`](https://crates.io/crates/tempfile).", + "Severity": "UNKNOWN", + "References": [ + "https://github.com/rust-lang-deprecated/tempdir/pull/46" + ] + } + ] + } + ] +} \ No newline at end of file 
diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden
index 919bb2a5b3..40b1b6e527 100644
--- a/integration/testdata/centos-6.json.golden
+++ b/integration/testdata/centos-6.json.golden
@@ -1,27252 +1,27324 @@ -[ - { - "Target": "testdata/fixtures/images/centos-6.tar.gz (centos 6.10)", - "Class": "os-pkgs", - "Type": "centos", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.4.5-6.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.1.2-48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. 
BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0414", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", - "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", - "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://secunia.com/advisories/43439", - "http://secunia.com/advisories/43443", - "http://www.debian.org/security/2011/dsa-2208", - "http://www.isc.org/software/bind/advisories/cve-2011-0414", - "http://www.kb.cert.org/vuls/id/449980", - "http://www.kb.cert.org/vuls/id/559980", - "http://www.securitytracker.com/id?1025110", - "http://www.ubuntu.com/usn/USN-1070-1", - "http://www.vupen.com/english/advisories/2011/0466", - "http://www.vupen.com/english/advisories/2011/0489", - "https://bugzilla.redhat.com/show_bug.cgi?id=679496", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" - ], - "PublishedDate": "2011-02-23T19:00:00Z", - "LastModifiedDate": "2018-10-30T16:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-6170", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0414", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", - "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", - "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://secunia.com/advisories/43439", - "http://secunia.com/advisories/43443", - 
"http://www.debian.org/security/2011/dsa-2208", - "http://www.isc.org/software/bind/advisories/cve-2011-0414", - "http://www.kb.cert.org/vuls/id/449980", - "http://www.kb.cert.org/vuls/id/559980", - "http://www.securitytracker.com/id?1025110", - "http://www.ubuntu.com/usn/USN-1070-1", - "http://www.vupen.com/english/advisories/2011/0466", - "http://www.vupen.com/english/advisories/2011/0489", - "https://bugzilla.redhat.com/show_bug.cgi?id=679496", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" - ], - "PublishedDate": "2011-02-23T19:00:00Z", - "LastModifiedDate": "2018-10-30T16:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-6170", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2012-3509", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-3509", - "Title": "libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary", - "Description": "Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411", - "http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html", - 
"http://security-tracker.debian.org/tracker/CVE-2012-3509", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2012/08/29/3", - "http://www.securityfocus.com/bid/55281", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/78135", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2012-09-05T23:55:00Z", - "LastModifiedDate": "2017-08-29T01:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8484", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8484", - "Title": "binutils: invalid read flaw in libbfd", - "Description": "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8484.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://openwall.com/lists/oss-security/2014/10/23/4", - "http://openwall.com/lists/oss-security/2014/10/23/5", - "http://openwall.com/lists/oss-security/2014/10/26/2", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26", - "http://www.openwall.com/lists/oss-security/2014/10/26/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70714", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1156272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17509", - "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8485", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8485", - "Title": "binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()", - "Description": "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html", - "http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html", - "http://linux.oracle.com/cve/CVE-2014-8485.html", - 
"http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26", - "http://www.openwall.com/lists/oss-security/2014/10/26/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70741", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1157276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=493a33860c71cac998f1a56d6d87d6faa801fbaa", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8737", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8737", - "Title": "binutils: directory traversal vulnerability", - "Description": "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. 
(dot dot) or full path name in an archive to ar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8737.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/11/13/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70908", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162655", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17552", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": 
"binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. 
This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - 
}, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8501", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8501", - "Title": "binutils: out-of-bounds write when parsing specially crafted PE executable", - "Description": "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a 
denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8501.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26/3", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70866", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162570", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e", - "https://usn.ubuntu.com/usn/usn-2496-1", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": 
"2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8502", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8502", - "Title": "binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)", - "Description": "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8502.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70869", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162594", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8503", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8503", - "Title": "binutils: stack overflow in objdump when parsing specially crafted ihex file", - "Description": "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8503.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70868", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162607", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8504", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8504", - "Title": "binutils: stack overflow in the SREC parser", - "Description": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8504.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://openwall.com/lists/oss-security/2014/10/27/4", - "http://openwall.com/lists/oss-security/2014/10/27/5", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/27/4", - "http://www.openwall.com/lists/oss-security/2014/10/27/5", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.securityfocus.com/bid/70761", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8738", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8738", - "Title": "binutils: out of bounds memory write", - "Description": "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8738.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.debian.org/security/2015/dsa-3123", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/11/02/4", - "http://www.openwall.com/lists/oss-security/2014/11/05/7", - "http://www.openwall.com/lists/oss-security/2014/11/13/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/71083", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - 
"PublishedDate": "2015-01-15T15:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 
4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - 
], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": 
"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" 
- }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in 
_bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and 
earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - 
"Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": "binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The 
elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes 
function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - 
"V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - 
"Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - 
"Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU 
Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in 
find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. 
NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 
7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based 
buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation 
and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section 
function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, 
- "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption 
made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 
2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": 
"2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - 
"VulnerabilityID": "CVE-2017-9743", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in 
GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a 
crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - 
"https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": "binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during 
\"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - 
"Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 
7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10373", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10373", - "Title": "binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file", - "Description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by 
nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-10373.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104000", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23065" - ], - "PublishedDate": "2018-04-25T09:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10535", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10535", - "Title": "binutils: NULL pointer dereference in elf.c", - "Description": "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 
- } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-10535.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104021", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23113" - ], - "PublishedDate": "2018-04-29T15:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-13033", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-13033", - "Title": "binutils: Uncontrolled Resource Consumption in execution of nm", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a 
crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-13033.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104584", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" - ], - "PublishedDate": "2018-07-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19931", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19931", - "Title": "binutils: Heap-based buffer overflow in bfd_elf32_swap_phdr_in function resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in 
opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7208", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7208", - "Title": "binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file", - "Description": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7208.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103077", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22741" - ], - "PublishedDate": "2018-02-18T04:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7568", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7568", - "Title": "binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library", - "Description": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7568.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - 
"https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22894" - ], - "PublishedDate": "2018-02-28T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7569", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7569", - "Title": "binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-191" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7569.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22895" - ], - "PublishedDate": 
"2018-02-28T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7642", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7642", - "Title": "binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash", - "Description": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7642.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22887", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25" - ], - "PublishedDate": "2018-03-02T15:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7643", - "PkgName": "binutils", - 
"InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7643", - "Title": "binutils: Integer overflow in the display_debug_ranges function resulting in crash", - "Description": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7643.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103264", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22905" - ], - "PublishedDate": "2018-03-02T15:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8945", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8945", - "Title": "binutils: Crash in 
elf.c:bfd_section_from_shdr() with crafted executable", - "Description": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-8945.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22809" - ], - "PublishedDate": "2018-03-22T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9070", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9070", - "Title": "binutils: heap-based buffer over-read in function d_expression_1 in cp-demangle.c", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.9 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", - "https://support.f5.com/csp/article/K13534168" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2", - "InstalledVersion": "1.0.5-7.el6_0", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.5-7.el6_0", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - 
"CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - 
"http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1865", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", - "Title": "coreutils: \"time of check to time of use\" race condition fts.c", - "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 3.3, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://www.securityfocus.com/bid/76073", - "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" - ], - "PublishedDate": "2017-09-20T18:29:00Z", - "LastModifiedDate": "2017-09-27T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by 
multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - 
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1865", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", - "Title": "coreutils: \"time of check to time of use\" race condition fts.c", - "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 3.3, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://www.securityfocus.com/bid/76073", - "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" - ], - "PublishedDate": "2017-09-20T18:29:00Z", - "LastModifiedDate": "2017-09-27T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application 
crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9112", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-9112", - "Title": "cpio: heap-based buffer overflow flaw in list_file()", - "Description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio", - "http://linux.oracle.com/cve/CVE-2014-9112.html", - "http://linux.oracle.com/errata/ELSA-2015-2108.html", - "http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html", - "http://seclists.org/fulldisclosure/2014/Nov/74", - "http://secunia.com/advisories/60167", - "http://secunia.com/advisories/62145", - "http://www.debian.org/security/2014/dsa-3111", - "http://www.openwall.com/lists/oss-security/2014/11/23/2", - "http://www.openwall.com/lists/oss-security/2014/11/25/2", - "http://www.openwall.com/lists/oss-security/2014/11/26/20", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/71248", - "http://www.ubuntu.com/usn/USN-2456-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918", - "https://marc.info/?l=oss-security\u0026m=141702212015484\u0026w=2", - "https://savannah.gnu.org/bugs/?43709", - "https://usn.ubuntu.com/usn/usn-2456-1" - ], - "PublishedDate": "2014-12-02T16:59:00Z", - "LastModifiedDate": "2017-09-08T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.8.16-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - 
"PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.8.16-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 
7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5419", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", - "Title": "curl: TLS session resumption client cert bypass", - "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate 
has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5419.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92292", - "http://www.securityfocus.com/bid/92319", - "http://www.securitytracker.com/id/1036538", - "http://www.securitytracker.com/id/1038341", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": 
"2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - 
"PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 
is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000120", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", - "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", - "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000120.html", - "http://linux.oracle.com/errata/ELSA-2018-3157.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103414", - "http://www.securitytracker.com/id/1040531", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3157", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://access.redhat.com/errata/RHSA-2019:1543", - "https://curl.haxx.se/docs/adv_2018-9cd6.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", - "https://usn.ubuntu.com/3598-1/", - "https://usn.ubuntu.com/3598-2/", - "https://usn.ubuntu.com/usn/usn-3598-1", - "https://usn.ubuntu.com/usn/usn-3598-2", - "https://www.debian.org/security/2018/dsa-4136", - 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - ], - "PublishedDate": "2018-03-14T18:29:00Z", - "LastModifiedDate": "2019-06-18T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5420", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", - "Title": "curl: Re-using connection with wrong client cert", - "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", - "Severity": "LOW", - "CweIDs": [ - "CWE-285" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5420.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.openwall.com/lists/oss-security/2016/09/05/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92309", - "http://www.securitytracker.com/id/1036537", - "http://www.securitytracker.com/id/1036739", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7141", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", - "Title": "curl: Incorrect reuse of client certificates", - "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7141.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://seclists.org/oss-sec/2016/q3/419", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92754", - "http://www.securitytracker.com/id/1036739", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", - "https://curl.haxx.se/docs/adv_20160907.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", - "https://github.com/curl/curl/commit/curl-7_50_2~32", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-03T21:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7167", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", - "Title": "curl: escape and unescape integer overflows", - "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow 
attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 2.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7167.html", - "http://linux.oracle.com/errata/ELSA-2017-2016.html", - "http://openwall.com/lists/oss-security/2016/09/14/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92975", - "http://www.securitytracker.com/id/1036813", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", - "https://access.redhat.com/errata/RHSA-2017:2016", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160914.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-07T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": 
"7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating 
point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated 
to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain 
sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the 
curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 
through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "db4", - "InstalledVersion": "4.7.25-22.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - 
"http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "db4-utils", - "InstalledVersion": "4.7.25-22.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - 
"InstalledVersion": "1:1.2.24-9.el6", - "FixedVersion": "1:1.2.24-11.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - 
"http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": 
"CVE-2011-2533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-2533", - "Title": "dbus: Possibility of symlink attack in /tmp during compilation", - "Description": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", - "http://www.securitytracker.com/id?1025720", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2533", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" - ], - "PublishedDate": "2011-06-22T23:55:00Z", - "LastModifiedDate": "2017-08-29T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - 
"VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in 
elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 
- }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": 
"elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows 
remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - 
"LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - 
"References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows 
context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or 
possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - 
"PkgName": "file-libs", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain 
forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with 
nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2012-0039", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-0039", - "Title": "glib2: hash table collisions CPU usage DoS", - "Description": "** DISPUTED ** 
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044", - "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html", - "http://openwall.com/lists/oss-security/2012/01/10/12", - "https://bugzilla.redhat.com/show_bug.cgi?id=772720" - ], - "PublishedDate": "2012-01-14T17:55:00Z", - "LastModifiedDate": "2012-02-08T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", 
- "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - 
"InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - 
"CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - 
], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the 
usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C 
Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4412", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", - "Title": "glibc: strcoll() integer overflow leading to buffer overflow", - "Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which 
triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://secunia.com/advisories/55113", - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/07/9", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=855385", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4424", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", - "Title": "glibc: alloca() stack overflow in the strcoll() interface", - "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, 
- "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/13/16", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=858238", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16997", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", - "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", - "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-426" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-16997.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102228", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://bugs.debian.org/884615", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", - "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", - "https://usn.ubuntu.com/usn/usn-3534-1" - ], - "PublishedDate": "2017-12-18T01:29:00Z", - "LastModifiedDate": "2019-04-26T12:41:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2010-0015", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", - "Title": "glibc NIS password hash disclosure", - "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", - "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", - "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", - "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", - "http://www.openwall.com/lists/oss-security/2010/01/07/3", - "http://www.openwall.com/lists/oss-security/2010/01/08/1", - "http://www.openwall.com/lists/oss-security/2010/01/08/2", - "http://www.openwall.com/lists/oss-security/2010/01/11/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", - "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - ], - "PublishedDate": "2010-01-14T18:30:00Z", - "LastModifiedDate": "2016-12-07T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "glibc", - "InstalledVersion": 
"2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-5320", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", - "Title": "glibc: scanf implementation crashes on certain inputs", - "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 6.2 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 
- } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/03/12/14", - "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", - "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", - "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" - ], - "PublishedDate": "2017-10-18T14:29:00Z", - "LastModifiedDate": "2017-11-08T17:05:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4788", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", - "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", - "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2013-4788.html", - "http://seclists.org/fulldisclosure/2015/Sep/23", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2013/07/15/9", - 
"http://www.securityfocus.com/bid/61183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", - "https://security.gentoo.org/glsa/201503-04" - ], - "PublishedDate": "2013-10-04T17:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8121", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", - "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", - "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8121.html", - "http://linux.oracle.com/errata/ELSA-2015-0327.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0327.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.securityfocus.com/bid/73038", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2015-03-27T14:59:00Z", - "LastModifiedDate": "2018-10-17T19:01:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9402", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", - "Title": "glibc: denial of service in getnetbyname function", - "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-9402.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.securityfocus.com/bid/71670", - "http://www.ubuntu.com/usn/USN-2519-1", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", - "https://usn.ubuntu.com/usn/usn-2519-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8777", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", - "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", - "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 7 - } - }, - "References": [ - "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", - "http://linux.oracle.com/cve/CVE-2015-8777.html", - "http://linux.oracle.com/errata/ELSA-2017-1916.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.openwall.com/lists/oss-security/2015/09/05/8", - "http://www.openwall.com/lists/oss-security/2016/01/20/1", - "http://www.securityfocus.com/bid/81469", - "http://www.securitytracker.com/id/1034811", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://access.redhat.com/errata/RHSA-2017:1916", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-01-20T05:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - 
"PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3075", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", - "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", - "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 5.8, - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3075.html", - "http://linux.oracle.com/errata/ELSA-2016-2573.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://rhn.redhat.com/errata/RHSA-2016-2573.html", - 
"http://www.securityfocus.com/bid/85732", - "http://www.ubuntu.com/usn/USN-2985-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3706", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", - "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", - "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "http://www.securityfocus.com/bid/88440", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-3" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ 
- "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4412", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", - "Title": "glibc: strcoll() integer overflow leading to buffer overflow", - 
"Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://secunia.com/advisories/55113", - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/07/9", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=855385", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4424", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", - "Title": "glibc: alloca() stack overflow in the strcoll() interface", - "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or 
possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/13/16", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=858238", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, 
- "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16997", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", - "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", - "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-426" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-16997.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102228", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://bugs.debian.org/884615", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", - "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", - "https://usn.ubuntu.com/usn/usn-3534-1" - ], - "PublishedDate": "2017-12-18T01:29:00Z", - "LastModifiedDate": "2019-04-26T12:41:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2010-0015", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", - "Title": "glibc NIS password hash disclosure", - "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", - "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", - "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", - "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", - "http://www.openwall.com/lists/oss-security/2010/01/07/3", - "http://www.openwall.com/lists/oss-security/2010/01/08/1", - "http://www.openwall.com/lists/oss-security/2010/01/08/2", - "http://www.openwall.com/lists/oss-security/2010/01/11/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", - "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - ], - "PublishedDate": "2010-01-14T18:30:00Z", - "LastModifiedDate": "2016-12-07T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "glibc-common", - 
"InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-5320", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", - "Title": "glibc: scanf implementation crashes on certain inputs", - "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 6.2 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/03/12/14", - "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", - "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", - "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" - ], - "PublishedDate": "2017-10-18T14:29:00Z", - "LastModifiedDate": "2017-11-08T17:05:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4788", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", - "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", - "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2013-4788.html", - "http://seclists.org/fulldisclosure/2015/Sep/23", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - 
"http://www.openwall.com/lists/oss-security/2013/07/15/9", - "http://www.securityfocus.com/bid/61183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", - "https://security.gentoo.org/glsa/201503-04" - ], - "PublishedDate": "2013-10-04T17:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8121", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", - "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", - "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8121.html", - "http://linux.oracle.com/errata/ELSA-2015-0327.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0327.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.securityfocus.com/bid/73038", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2015-03-27T14:59:00Z", - "LastModifiedDate": "2018-10-17T19:01:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9402", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", - "Title": "glibc: denial of service in getnetbyname function", - "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-9402.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.securityfocus.com/bid/71670", - "http://www.ubuntu.com/usn/USN-2519-1", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", - "https://usn.ubuntu.com/usn/usn-2519-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8777", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", - "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", - "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 7 - } - }, - "References": [ - "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", - "http://linux.oracle.com/cve/CVE-2015-8777.html", - "http://linux.oracle.com/errata/ELSA-2017-1916.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.openwall.com/lists/oss-security/2015/09/05/8", - "http://www.openwall.com/lists/oss-security/2016/01/20/1", - "http://www.securityfocus.com/bid/81469", - "http://www.securitytracker.com/id/1034811", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://access.redhat.com/errata/RHSA-2017:1916", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-01-20T05:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - 
"PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3075", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", - "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", - "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 5.8, - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3075.html", - "http://linux.oracle.com/errata/ELSA-2016-2573.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2573.html", - "http://www.securityfocus.com/bid/85732", - "http://www.ubuntu.com/usn/USN-2985-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3706", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", - "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", - "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "http://www.securityfocus.com/bid/88440", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-3" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - 
"References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - "http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between 
the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - 
"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 
2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.1.8-3.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5080", - "PkgName": "groff", - "InstalledVersion": "1.18.1.4-21.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5080", - "Title": "groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph", - "Description": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff", - "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h", - "http://openwall.com/lists/oss-security/2009/08/14/4", - "http://openwall.com/lists/oss-security/2009/08/14/5", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5080" - ], - "PublishedDate": "2011-06-30T15:55:00Z", - "LastModifiedDate": "2013-12-13T04:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0283", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0283", - "Title": "krb5: uninitialized pointer use in krb5kdc leads to KDC crash", - "Description": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://secunia.com/advisories/43260", - "http://securityreason.com/securityalert/8073", - "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", - "http://www.securityfocus.com/archive/1/516299/100/0/threaded", - "http://www.securityfocus.com/bid/46272", - "http://www.securitytracker.com/id?1025037", - "http://www.vupen.com/english/advisories/2011/0330" - ], - "PublishedDate": "2011-02-10T18:00:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2011-4151", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4151", - "Title": "CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-4151 krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", - "Description": "The krb5_db2_lockout_audit function in the Key Distribution Center 
(KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", - "http://www.kb.cert.org/vuls/id/659251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/70891" - ], - "PublishedDate": "2011-10-20T21:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - "https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", 
- "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11368", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11368", - "Title": "krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure", - "Description": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-11368.html", - "http://linux.oracle.com/errata/ELSA-2018-0666.html", - "http://www.securityfocus.com/bid/100291", - "https://access.redhat.com/errata/RHSA-2018:0666", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368", - "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970", - "https://github.com/krb5/krb5/pull/678/files", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/" - ], - "PublishedDate": "2017-08-09T18:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3119", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3119", - "Title": "krb5: null pointer dereference in kadmin", - "Description": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3119.html", - "http://linux.oracle.com/errata/ELSA-2016-2591.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html", - "http://rhn.redhat.com/errata/RHSA-2016-2591.html", - "http://www.securityfocus.com/bid/85392", - "http://www.securitytracker.com/id/1035399", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119", - "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html" - ], - "PublishedDate": "2016-03-26T01:59:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3120", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3120", - "Title": "krb5: S4U2Self KDC crash when anon is restricted", - "Description": 
"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458", - "http://linux.oracle.com/cve/CVE-2016-3120.html", - "http://linux.oracle.com/errata/ELSA-2016-2591.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html", - "http://rhn.redhat.com/errata/RHSA-2016-2591.html", - "http://web.mit.edu/kerberos/krb5-1.13/", - "http://web.mit.edu/kerberos/krb5-1.14/", - "http://www.securityfocus.com/bid/92132", - "http://www.securitytracker.com/id/1036442", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120", - "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/" - ], - "PublishedDate": "2016-08-01T02:59:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5729", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5729", - "Title": "krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data", - "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 6.5, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5729.html", - "http://linux.oracle.com/errata/ELSA-2018-3071.html", - "http://www.securitytracker.com/id/1042071", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3071", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", - "https://bugzilla.redhat.com/show_bug.cgi?id=1551083", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729", - "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" - ], - "PublishedDate": "2018-03-06T20:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5730", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5730", - "Title": "krb5: DN container check bypass by supplying special crafted data", - "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", - "Severity": "LOW", - "CweIDs": [ - "CWE-90" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.5, - "V3Score": 3.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 3.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5730.html", - "http://linux.oracle.com/errata/ELSA-2018-3071.html", - "http://www.securitytracker.com/id/1042071", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3071", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", - "https://bugzilla.redhat.com/show_bug.cgi?id=1551082", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730", - "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" - ], - "PublishedDate": "2018-03-06T20:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9488", - "PkgName": "less", - "InstalledVersion": "436-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9488", - "Title": "less: out of bounds read access in is_utf8_well_formed()", - "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", 
- "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 1.2, - "V3Score": 2.5 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0139.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html", - "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199", - "http://www.openwall.com/lists/oss-security/2015/03/10/14", - "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488" - ], - "PublishedDate": "2015-04-14T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3879", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", - "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", - "http://linux.oracle.com/cve/CVE-2010-3879.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", - "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://openwall.com/lists/oss-security/2010/11/04/8", - "http://openwall.com/lists/oss-security/2010/11/05/2", - "http://osvdb.org/70520", - "http://secunia.com/advisories/42961", - "http://secunia.com/advisories/42965", - "http://www.halfdog.net/Security/FuseTimerace/", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", - "http://www.securityfocus.com/bid/44623", - "http://www.ubuntu.com/usn/USN-1045-1", - "http://www.ubuntu.com/usn/USN-1045-2", - "http://www.vupen.com/english/advisories/2011/0181", - "http://www.vupen.com/english/advisories/2011/0302", - "https://bugs.launchpad.net/bugs/670622", - "https://bugzilla.novell.com/show_bug.cgi?id=651598", - "https://bugzilla.redhat.com/show_bug.cgi?id=651183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" - ], - "PublishedDate": "2011-01-22T22:00:00Z", - "LastModifiedDate": "2017-08-17T01:33:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0541", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", - "http://linux.oracle.com/cve/CVE-2011-0541.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0542", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", - "http://linux.oracle.com/cve/CVE-2011-0542.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2011-09-05T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0543", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2011-0543", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", - "http://linux.oracle.com/cve/CVE-2011-0543.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.41.12-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - 
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.41.12-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information 
by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5419", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", - "Title": "curl: TLS session resumption client cert bypass", - "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", - "Severity": "MEDIUM", - "CweIDs": [ - 
"CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5419.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92292", - "http://www.securityfocus.com/bid/92319", - "http://www.securitytracker.com/id/1036538", - "http://www.securitytracker.com/id/1038341", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - 
"InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - 
"Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" 
- ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000120", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", - "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", - "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000120.html", - "http://linux.oracle.com/errata/ELSA-2018-3157.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103414", - "http://www.securitytracker.com/id/1040531", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3157", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://access.redhat.com/errata/RHSA-2019:1543", - "https://curl.haxx.se/docs/adv_2018-9cd6.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", - "https://usn.ubuntu.com/3598-1/", - "https://usn.ubuntu.com/3598-2/", - "https://usn.ubuntu.com/usn/usn-3598-1", - "https://usn.ubuntu.com/usn/usn-3598-2", - "https://www.debian.org/security/2018/dsa-4136", - 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - ], - "PublishedDate": "2018-03-14T18:29:00Z", - "LastModifiedDate": "2019-06-18T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5420", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", - "Title": "curl: Re-using connection with wrong client cert", - "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", - "Severity": "LOW", - "CweIDs": [ - "CWE-285" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5420.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.openwall.com/lists/oss-security/2016/09/05/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92309", - "http://www.securitytracker.com/id/1036537", - "http://www.securitytracker.com/id/1036739", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7141", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", - "Title": "curl: Incorrect reuse of client certificates", - "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7141.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://seclists.org/oss-sec/2016/q3/419", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92754", - "http://www.securitytracker.com/id/1036739", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", - "https://curl.haxx.se/docs/adv_20160907.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", - "https://github.com/curl/curl/commit/curl-7_50_2~32", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-03T21:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7167", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", - "Title": "curl: escape and unescape integer overflows", - "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow 
attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 2.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7167.html", - "http://linux.oracle.com/errata/ELSA-2017-2016.html", - "http://openwall.com/lists/oss-security/2016/09/14/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92975", - "http://www.securitytracker.com/id/1036813", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", - "https://access.redhat.com/errata/RHSA-2017:2016", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160914.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-07T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": 
"7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating 
point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly 
updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to 
obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in 
the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 
7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2002-2439", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", - "Title": "gcc: Integer overflow can occur during the computation of the memory region size for new[] operator", - "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2002-2439", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", - "https://security-tracker.debian.org/tracker/CVE-2002-2439" - ], - "PublishedDate": "2019-10-23T18:15:00Z", - "LastModifiedDate": "2019-10-31T02:39:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9427", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", - "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", - "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 5.1, - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", - "http://www.openwall.com/lists/oss-security/2016/11/18/3", - "http://www.securityfocus.com/bid/94407", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", - "https://github.com/ivmai/bdwgc/issues/135", - "https://usn.ubuntu.com/usn/usn-3197-1" - ], - "PublishedDate": "2016-12-12T02:59:00Z", - "LastModifiedDate": "2017-01-07T03:00:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ 
- "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - 
"InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": 
[ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": 
"LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - 
"https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - "http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - 
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 
when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets 
with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": 
"2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1782", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1782", - "Title": "libssh2: Using SSH_MSG_KEXINIT data unbounded", - "Description": "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-1782.html", - "http://linux.oracle.com/errata/ELSA-2015-2140.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html", - "http://www.debian.org/security/2015/dsa-3182", - "http://www.libssh2.org/adv_20150311.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:148", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/73061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782" - ], - "PublishedDate": "2015-03-13T14:59:00Z", - "LastModifiedDate": "2017-01-03T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2002-2439", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", - "Title": "gcc: 
Integer overflow can occur during the computation of the memory region size for new[] operator", - "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2002-2439", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", - "https://security-tracker.debian.org/tracker/CVE-2002-2439" - ], - "PublishedDate": "2019-10-23T18:15:00Z", - "LastModifiedDate": "2019-10-31T02:39:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9427", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", - "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", - "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 5.1, - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", - "http://www.openwall.com/lists/oss-security/2016/11/18/3", - "http://www.securityfocus.com/bid/94407", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", - "https://github.com/ivmai/bdwgc/issues/135", - "https://usn.ubuntu.com/usn/usn-3197-1" - ], - "PublishedDate": "2016-12-12T02:59:00Z", - "LastModifiedDate": "2017-01-07T03:00:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - 
"V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - 
"https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array 
ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": 
"2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted 
binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - 
"http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3622", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { 
- "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3622", - "Title": "libtasn1: heap overflow flaw in _asn1_extract_der_octet()", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3622.html", - "http://linux.oracle.com/errata/ELSA-2017-1860.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html", - "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html", - "http://seclists.org/fulldisclosure/2015/Apr/109", - "http://www.debian.org/security/2015/dsa-3256", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232", - "http://www.securityfocus.com/bid/74419", - "http://www.securitytracker.com/id/1032246", - "http://www.ubuntu.com/usn/USN-2604-1", - "https://access.redhat.com/errata/RHSA-2017:1860", - "https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622", - "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html", - "https://security.gentoo.org/glsa/201509-04", - "https://usn.ubuntu.com/usn/usn-2604-1" - ], - "PublishedDate": 
"2015-05-12T19:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - 
"https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2806", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2806", - "Title": "libtasn1: stack overflow in asn1_der_decoding", - "Description": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149", - "http://linux.oracle.com/cve/CVE-2015-2806.html", - "http://linux.oracle.com/errata/ELSA-2017-1860.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html", - "http://www.debian.org/security/2015/dsa-3220", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193", - "http://www.openwall.com/lists/oss-security/2015/03/29/4", - 
"http://www.openwall.com/lists/oss-security/2015/03/31/2", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/73436", - "http://www.securitytracker.com/id/1032080", - "http://www.ubuntu.com/usn/USN-2559-1", - "https://access.redhat.com/errata/RHSA-2017:1860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2806", - "https://security.gentoo.org/glsa/201509-04", - "https://usn.ubuntu.com/usn/usn-2559-1" - ], - "PublishedDate": "2015-04-10T15:00:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2012-5630", - "PkgName": "libuser", - "InstalledVersion": "0.56.13-8.el6_7", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5630", - "Title": "libuser: TOCTOU race conditions by copying and removing directory trees", - "Description": "libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", - "https://access.redhat.com/security/cve/cve-2012-5630", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5630", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5630", - "https://security-tracker.debian.org/tracker/CVE-2012-5630", - "https://www.securityfocus.com/bid/59285" - ], - "PublishedDate": "2019-11-25T14:15:00Z", - 
"LastModifiedDate": "2019-12-04T15:43:00Z" - }, - { - "VulnerabilityID": "CVE-2012-5644", - "PkgName": "libuser", - "InstalledVersion": "0.56.13-8.el6_7", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5644", - "Title": "libuser: (Complete) Information disclosure when moving user's home directory", - "Description": "libuser has information disclosure when moving user's home directory", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N", - "V2Score": 4.7 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", - "https://access.redhat.com/security/cve/cve-2012-5644", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5644", - "https://security-tracker.debian.org/tracker/CVE-2012-5644" - ], - "PublishedDate": "2019-11-25T15:15:00Z", - "LastModifiedDate": "2019-12-04T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3879", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", - "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", - "http://linux.oracle.com/cve/CVE-2010-3879.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", - "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://openwall.com/lists/oss-security/2010/11/04/8", - "http://openwall.com/lists/oss-security/2010/11/05/2", - "http://osvdb.org/70520", - "http://secunia.com/advisories/42961", - "http://secunia.com/advisories/42965", - "http://www.halfdog.net/Security/FuseTimerace/", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", - "http://www.securityfocus.com/bid/44623", - "http://www.ubuntu.com/usn/USN-1045-1", - "http://www.ubuntu.com/usn/USN-1045-2", - "http://www.vupen.com/english/advisories/2011/0181", - "http://www.vupen.com/english/advisories/2011/0302", - "https://bugs.launchpad.net/bugs/670622", - "https://bugzilla.novell.com/show_bug.cgi?id=651598", - "https://bugzilla.redhat.com/show_bug.cgi?id=651183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" - ], - "PublishedDate": "2011-01-22T22:00:00Z", - "LastModifiedDate": "2017-08-17T01:33:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0541", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": 
{ - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", - "http://linux.oracle.com/cve/CVE-2011-0541.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0542", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", - "http://linux.oracle.com/cve/CVE-2011-0542.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2011-09-05T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0543", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0543", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", - "http://linux.oracle.com/cve/CVE-2011-0543.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", 
- "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0339", - "PkgName": "libxml2", 
- "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0339", - "Title": "libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion", - "Description": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", - "http://openwall.com/lists/oss-security/2013/02/21/24", - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://seclists.org/oss-sec/2013/q4/182", - "http://seclists.org/oss-sec/2013/q4/184", - "http://seclists.org/oss-sec/2013/q4/188", - "http://secunia.com/advisories/52662", - "http://secunia.com/advisories/54172", - "http://secunia.com/advisories/55568", - "http://www.debian.org/security/2013/dsa-2652", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.ubuntu.com/usn/USN-1904-1", - "http://www.ubuntu.com/usn/USN-1904-2", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=915149", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339", - "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f", - "https://usn.ubuntu.com/usn/usn-1904-1" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2016-05-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - 
"https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", 
- "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - 
"https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - 
}, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). 
If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - 
"Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-4.1.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - 
"http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - 
"V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": 
"SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - 
"http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": 
"nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of 
service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/centos-6.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "centos", + "Name": "6.10", + "EOSL": true + }, + "ImageID": "sha256:d0957ffdf8a2ea8c8925903862b65a1b6850dbb019f88d45e927d3d5a3fa0c31", + "DiffIDs": [ + "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "https://github.com/CentOS/sig-cloud-instance-images", + "container": "d519f3e5c41d16388d3fba0dac626427b21deb98cce150dee80c180b9baf9435", + "created": "2019-03-14T21:20:11.486358099Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "author": "https://github.com/CentOS/sig-cloud-instance-images", + "created": "2018-10-09T18:20:03.816986835Z", + "created_by": "/bin/sh -c #(nop) MAINTAINER https://github.com/CentOS/sig-cloud-instance-images", + "empty_layer": true + }, + { + "author": "https://github.com/CentOS/sig-cloud-instance-images", + "created": "2019-03-14T21:20:10.936939354Z", + "created_by": "/bin/sh -c #(nop) ADD file:0065316a41144e95bcb133567cc86816b8368a823cc067d741e06ded59849fd8 in / " + }, + { + "author": "https://github.com/CentOS/sig-cloud-instance-images", + "created": "2019-03-14T21:20:11.322700622Z", + "created_by": "/bin/sh -c #(nop) 
LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20181006", + "empty_layer": true + }, + { + "author": "https://github.com/CentOS/sig-cloud-instance-images", + "created": "2019-03-14T21:20:11.486358099Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" ] }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "FixedVersion": "3.44.0-6.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", 
- "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - 
"https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "FixedVersion": "3.44.0-6.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c 
in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - 
"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - 
"Title": "SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - 
"http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - 
"http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - 
"https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": 
"2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": 
"nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - 
"PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
- "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": 
"SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", 
- "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - 
"http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - 
"PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2009-3767", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-3767", - "Title": "OpenLDAP: Doesn't properly handle NULL character in subject Common Name", - "Description": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2009-3767.html", - "http://linux.oracle.com/errata/ELSA-2010-0198.html", - "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html", - "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", - "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2", - "http://secunia.com/advisories/38769", - "http://secunia.com/advisories/40677", - "http://security.gentoo.org/glsa/glsa-201406-36.xml", - "http://support.apple.com/kb/HT3937", - "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h", - "http://www.redhat.com/support/errata/RHSA-2010-0543.html", - "http://www.redhat.com/support/errata/RHSA-2011-0896.html", - "http://www.vupen.com/english/advisories/2009/3056", - "http://www.vupen.com/english/advisories/2010/1858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274" - ], - "PublishedDate": "2009-10-23T19:30:00Z", - "LastModifiedDate": "2017-09-19T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free 
vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3276", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", - "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", - "Description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3276.html", - "http://linux.oracle.com/errata/ELSA-2015-2131.html", - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" - ], - "PublishedDate": "2015-12-07T20:59:00Z", - "LastModifiedDate": "2016-10-15T02:01:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9287", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9287", - "Title": "openldap: Double free vulnerability in servers/slapd/back-mdb/search.c", - "Description": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. 
A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-9287.html", - "http://linux.oracle.com/errata/ELSA-2017-1852.html", - "http://www.debian.org/security/2017/dsa-3868", - "http://www.openldap.org/its/?findid=8655", - "http://www.securityfocus.com/bid/98736", - "http://www.securitytracker.com/id/1038591", - "https://access.redhat.com/errata/RHSA-2017:1852", - "https://bugs.debian.org/863563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287", - "https://usn.ubuntu.com/usn/usn-3307-1", - "https://usn.ubuntu.com/usn/usn-3307-2" - ], - "PublishedDate": "2017-05-29T16:29:00Z", - "LastModifiedDate": "2018-01-05T02:31:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - 
"http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - 
"http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - "http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - 
"http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": "SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - 
"http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - 
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - 
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - 
"https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in 
the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - 
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0732", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0732", - "Title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang", - "Description": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). 
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0732.html", - "http://linux.oracle.com/errata/ELSA-2018-4249.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/104442", - "http://www.securitytracker.com/id/1041090", - "https://access.redhat.com/errata/RHSA-2018:2552", - "https://access.redhat.com/errata/RHSA-2018:2553", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", - "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-03", - "https://security.netapp.com/advisory/ntap-20181105-0001/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20180612.txt", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-12", - "https://www.tenable.com/security/tns-2018-13", - "https://www.tenable.com/security/tns-2018-14", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-06-12T13:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0739", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0739", - "Title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service", - "Description": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). 
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0739.html", - "http://linux.oracle.com/errata/ELSA-2018-4228.html", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103518", - "http://www.securityfocus.com/bid/105609", - "http://www.securitytracker.com/id/1040576", - "https://access.redhat.com/errata/RHSA-2018:3090", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://access.redhat.com/errata/RHSA-2019:0367", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", - "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-21", - "https://security.netapp.com/advisory/ntap-20180330-0002/", - "https://security.netapp.com/advisory/ntap-20180726-0002/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3611-1/", - "https://usn.ubuntu.com/3611-2/", - "https://usn.ubuntu.com/usn/usn-3611-1", - "https://usn.ubuntu.com/usn/usn-3611-2", - 
"https://www.debian.org/security/2018/dsa-4157", - "https://www.debian.org/security/2018/dsa-4158", - "https://www.openssl.org/news/secadv/20180327.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-04", - "https://www.tenable.com/security/tns-2018-06", - "https://www.tenable.com/security/tns-2018-07" - ], - "PublishedDate": "2018-03-27T21:29:00Z", - "LastModifiedDate": "2019-04-23T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - "http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - "https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "FixedVersion": "1.0.1e-58.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - 
"https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": "2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2011-1473", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-1473", - "Title": "openssl: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", - "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2", - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065", - "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2019-05-27T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-3735", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-3735", - "Title": "openssl: Malformed X.509 IPAdressFamily could cause OOB read", - "Description": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. 
This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-3735.html", - "http://linux.oracle.com/errata/ELSA-2018-3221.html", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/100515", - "http://www.securitytracker.com/id/1039726", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735", - "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html", - "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc", - "https://security.gentoo.org/glsa/201712-03", - "https://security.netapp.com/advisory/ntap-20170927-0001/", - "https://security.netapp.com/advisory/ntap-20171107-0002/", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/3611-2/", - "https://usn.ubuntu.com/usn/usn-3475-1", - "https://usn.ubuntu.com/usn/usn-3611-2", - "https://www.debian.org/security/2017/dsa-4017", - "https://www.debian.org/security/2017/dsa-4018", - "https://www.openssl.org/news/secadv/20170828.txt", - "https://www.openssl.org/news/secadv/20171102.txt", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2017-14", - "https://www.tenable.com/security/tns-2017-15" - ], - "PublishedDate": "2017-08-28T19:29:00Z", - "LastModifiedDate": "2019-04-23T19:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": "openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0737", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0737", - "Title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", - "Description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0737.html", - "http://linux.oracle.com/errata/ELSA-2018-4249.html", - "http://www.openwall.com/lists/oss-security/2018/04/16/3", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103766", - "http://www.securitytracker.com/id/1040685", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f", - 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", - "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-21", - "https://security.netapp.com/advisory/ntap-20180726-0003/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3628-1/", - "https://usn.ubuntu.com/3628-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/usn/usn-3628-1", - "https://usn.ubuntu.com/usn/usn-3628-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20180416.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-12", - "https://www.tenable.com/security/tns-2018-13", - "https://www.tenable.com/security/tns-2018-14", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-04-16T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-2583", - "PkgName": "pam", - "InstalledVersion": "1.1.1-24.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2583", - "Title": "pam: path traversal issue in pam_timestamp's format_timestamp_name()", - "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://secunia.com/advisories/57317", - "http://www.openwall.com/lists/oss-security/2014/03/24/5", - "http://www.openwall.com/lists/oss-security/2014/03/26", - "http://www.openwall.com/lists/oss-security/2014/03/26/10", - "http://www.openwall.com/lists/oss-security/2014/03/31/6", - "http://www.securityfocus.com/bid/66493", - "http://www.ubuntu.com/usn/USN-2935-1", - "http://www.ubuntu.com/usn/USN-2935-2", - "http://www.ubuntu.com/usn/USN-2935-3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", - "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8", - "https://security.gentoo.org/glsa/201605-05", - "https://usn.ubuntu.com/usn/usn-2935-1" - ], - "PublishedDate": "2014-04-10T20:29:00Z", - "LastModifiedDate": "2019-01-03T15:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7041", - "PkgName": "pam", - "InstalledVersion": "1.1.1-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7041", - "Title": 
"pam: pam_userdb case insensitive password hash comparison", - "Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2013/12/09/16", - "http://www.openwall.com/lists/oss-security/2013/12/09/5", - "http://www.securityfocus.com/bid/64180", - "http://www.ubuntu.com/usn/USN-2935-1", - "http://www.ubuntu.com/usn/USN-2935-2", - "http://www.ubuntu.com/usn/USN-2935-3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731368", - "https://bugzilla.redhat.com/show_bug.cgi?id=1038555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7041", - "https://security.gentoo.org/glsa/201605-05", - "https://usn.ubuntu.com/usn/usn-2935-1" - ], - "PublishedDate": "2014-05-08T14:29:00Z", - "LastModifiedDate": "2016-12-03T03:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - "http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": 
"CVE-2015-8386", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": 
"2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": 
"7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "FixedVersion": "2.6.6-68.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9365", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", - "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", - "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 
4.7 - } - }, - "References": [ - "http://bugs.python.org/issue22417", - "http://linux.oracle.com/cve/CVE-2014-9365.html", - "http://linux.oracle.com/errata/ELSA-2017-1868.html", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://seclists.org/oss-sec/2014/q4/1022", - "http://www.openwall.com/lists/oss-security/2014/12/11/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.securityfocus.com/bid/71639", - "https://access.redhat.com/errata/RHSA-2016:1166", - "https://access.redhat.com/errata/RHSA-2017:1162", - "https://access.redhat.com/errata/RHSA-2017:1868", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", - "https://security.gentoo.org/glsa/201503-10", - "https://support.apple.com/kb/HT205031", - "https://www.python.org/dev/peps/pep-0476/", - "https://www.python.org/downloads/release/python-279/" - ], - "PublishedDate": "2014-12-12T11:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1061", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - 
"https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", 
- "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3492", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", - "Title": "python accept() implementation in async core is broken", - "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - 
"V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue6706", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", - "http://www.openwall.com/lists/oss-security/2010/09/09/6", - "http://www.openwall.com/lists/oss-security/2010/09/11/2", - "http://www.openwall.com/lists/oss-security/2010/09/22/3", - "http://www.openwall.com/lists/oss-security/2010/09/24/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" - ], - "PublishedDate": "2010-10-19T20:00:00Z", - "LastModifiedDate": "2019-10-29T00:56:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5636", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", - "Title": "python: Heap overflow in zipimporter module", - "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.4, - "V3Score": 4.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5636.html", - "http://linux.oracle.com/errata/ELSA-2016-2586.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2586.html", - "http://www.openwall.com/lists/oss-security/2016/06/15/15", - "http://www.openwall.com/lists/oss-security/2016/06/16/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91247", - "http://www.securitytracker.com/id/1038138", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://bugs.python.org/issue26171", - "https://bugs.python.org/msg278228", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", - "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", - "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://security.gentoo.org/glsa/201701-18", - "https://usn.ubuntu.com/usn/usn-3134-1" - ], - "PublishedDate": "2016-09-02T14:59:00Z", - "LastModifiedDate": "2019-02-09T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic 
backtracking in apop() method in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": 
"2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "FixedVersion": "2.6.6-68.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - 
"https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - 
"https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - 
"https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - 
"https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9365", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", - "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", - "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.7 - } - }, - "References": [ - "http://bugs.python.org/issue22417", - "http://linux.oracle.com/cve/CVE-2014-9365.html", - "http://linux.oracle.com/errata/ELSA-2017-1868.html", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://seclists.org/oss-sec/2014/q4/1022", - "http://www.openwall.com/lists/oss-security/2014/12/11/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.securityfocus.com/bid/71639", - "https://access.redhat.com/errata/RHSA-2016:1166", - "https://access.redhat.com/errata/RHSA-2017:1162", - "https://access.redhat.com/errata/RHSA-2017:1868", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", - "https://security.gentoo.org/glsa/201503-10", - "https://support.apple.com/kb/HT205031", - "https://www.python.org/dev/peps/pep-0476/", - "https://www.python.org/downloads/release/python-279/" - ], - "PublishedDate": "2014-12-12T11:59:00Z", - "LastModifiedDate": 
"2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-1061", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 
supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3492", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", - "Title": "python accept() implementation in async core is broken", - "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes 
it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue6706", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", - "http://www.openwall.com/lists/oss-security/2010/09/09/6", - "http://www.openwall.com/lists/oss-security/2010/09/11/2", - "http://www.openwall.com/lists/oss-security/2010/09/22/3", - "http://www.openwall.com/lists/oss-security/2010/09/24/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" - ], - "PublishedDate": "2010-10-19T20:00:00Z", - "LastModifiedDate": "2019-10-29T00:56:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5636", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", - "Title": "python: Heap overflow in zipimporter module", - "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.4, - "V3Score": 4.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5636.html", - "http://linux.oracle.com/errata/ELSA-2016-2586.html", - "http://rhn.redhat.com/errata/RHSA-2016-2586.html", - "http://www.openwall.com/lists/oss-security/2016/06/15/15", - "http://www.openwall.com/lists/oss-security/2016/06/16/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91247", - "http://www.securitytracker.com/id/1038138", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://bugs.python.org/issue26171", - "https://bugs.python.org/msg278228", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", - "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", - "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://security.gentoo.org/glsa/201701-18", - "https://usn.ubuntu.com/usn/usn-3134-1" - ], - "PublishedDate": "2016-09-02T14:59:00Z", - "LastModifiedDate": "2019-02-09T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. 
The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - 
"https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-2524", - "PkgName": "readline", - "InstalledVersion": "6.0-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2524", - "Title": "readline: insecure temporary file use in _rl_tropen()", - "Description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0319.html", - "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", - "http://seclists.org/oss-sec/2014/q1/579", - "http://seclists.org/oss-sec/2014/q1/587", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524", - "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html" - ], - "PublishedDate": "2014-08-20T14:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.0-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1113", - "PkgName": "setup", - "InstalledVersion": "2.8.14-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1113", - "Title": "setup: nologin listed in /etc/shells violates security expectations", - "Description": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. 
Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1113.html", - "http://linux.oracle.com/errata/ELSA-2018-3249.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3249", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" - ], - "PublishedDate": "2018-07-03T01:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "shadow-utils", - "InstalledVersion": "2:4.1.5.1-5.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": 
"2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: 
Tempdir selection vulnerability", - "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - 
"Description": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13685", - "Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - 
"https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": 
"CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "FixedVersion": "2:7.4.629-5.el6_10.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. 
NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - "http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - 
], - "PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4035", - "PkgName": "xz-libs", - "InstalledVersion": "4.999.9-0.5.beta.20091007git.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4035", - "Title": "xzgrep: incorrect parsing of filenames containing a 
semicolon", - "Description": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2015/q2/484", - "http://www.openwall.com/lists/oss-security/2015/05/19/13", - "https://bugzilla.redhat.com/show_bug.cgi?id=1223341", - "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24" - ], - "PublishedDate": "2017-07-25T18:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:143abcd43bce45f4fd9ba51c7361051d7ea9e9e1eadb66e5c94a9c1b7754524f", + "Labels": { + "org.label-schema.build-date": "20181006", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/centos-6.tar.gz (centos 6.10)", + "Class": "os-pkgs", + "Type": "centos", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2015-5186", + "PkgName": "audit-libs", + "InstalledVersion": "2.4.5-6.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", + "Title": "Audit: log terminal emulator escape sequences handling", + "Description": 
"Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/08/13/9", + "http://www.securityfocus.com/bid/76840", + "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", + "https://people.redhat.com/sgrubb/audit/ChangeLog" + ], + "PublishedDate": "2017-09-06T21:29:00Z", + "LastModifiedDate": "2017-09-13T11:17:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9924", + "PkgName": "bash", + "InstalledVersion": "4.1.2-48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", + "Title": "bash: BASH_CMD is writable in restricted bash shells", + "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", + "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", + 
"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", + "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", + "https://security.netapp.com/advisory/ntap-20190411-0001/", + "https://usn.ubuntu.com/usn/usn-4058-1", + "https://usn.ubuntu.com/usn/usn-4058-2" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5743", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", + "Title": "bind: Limiting simultaneous TCP clients is ineffective", + "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5743.html", + "http://linux.oracle.com/errata/ELSA-2019-1492.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743", + "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-3956-1", + "https://usn.ubuntu.com/usn/usn-3956-2", + "https://www.synology.com/security/advisory/Synology_SA_19_20" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0414", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", + "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", + "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://secunia.com/advisories/43439", + "http://secunia.com/advisories/43443", + 
"http://www.debian.org/security/2011/dsa-2208", + "http://www.isc.org/software/bind/advisories/cve-2011-0414", + "http://www.kb.cert.org/vuls/id/449980", + "http://www.kb.cert.org/vuls/id/559980", + "http://www.securitytracker.com/id?1025110", + "http://www.ubuntu.com/usn/USN-1070-1", + "http://www.vupen.com/english/advisories/2011/0466", + "http://www.vupen.com/english/advisories/2011/0489", + "https://bugzilla.redhat.com/show_bug.cgi?id=679496", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" + ], + "PublishedDate": "2011-02-23T19:00:00Z", + "LastModifiedDate": "2018-10-30T16:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5741", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", + "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", + "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5741.html", + "http://linux.oracle.com/errata/ELSA-2019-2057.html", + "http://www.securityfocus.com/bid/105379", + "http://www.securitytracker.com/id/1041674", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", + "https://kb.isc.org/docs/cve-2018-5741", + "https://security.gentoo.org/glsa/201903-13", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" + ], + "PublishedDate": "2019-01-16T20:29:00Z", + "LastModifiedDate": "2019-07-26T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-5661", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", + "Title": "DNS response rate limiting can simplify cache poisoning attacks", + "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", + "Severity": "LOW", + "CweIDs": [ + "CWE-290" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", + "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", + "https://security-tracker.debian.org/tracker/CVE-2013-5661" + ], + "PublishedDate": "2019-11-05T19:15:00Z", + "LastModifiedDate": "2019-11-08T19:04:00Z" + }, + { + "VulnerabilityID": 
"CVE-2016-6170", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", + "Title": "bind: Improper restriction of zone size limit", + "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/06/3", + "http://www.securityfocus.com/bid/91611", + "http://www.securitytracker.com/id/1036241", + "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", + "https://github.com/sischkg/xfer-limit/blob/master/README.md", + "https://kb.isc.org/article/AA-01390", + "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", + "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", + 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", + "https://security.gentoo.org/glsa/201610-07" + ], + "PublishedDate": "2016-07-06T14:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5745", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", + "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", + "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V2Score": 3.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5745.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6465", + "PkgName": "bind-libs", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", + "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", + "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-6465.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", + "https://kb.isc.org/docs/cve-2019-6465", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-16T16:57:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5743", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", + "Title": "bind: Limiting simultaneous TCP clients is ineffective", + "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5743.html", + "http://linux.oracle.com/errata/ELSA-2019-1492.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743", + "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-3956-1", + "https://usn.ubuntu.com/usn/usn-3956-2", + "https://www.synology.com/security/advisory/Synology_SA_19_20" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0414", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", + "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", + "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://secunia.com/advisories/43439", + "http://secunia.com/advisories/43443", + 
"http://www.debian.org/security/2011/dsa-2208", + "http://www.isc.org/software/bind/advisories/cve-2011-0414", + "http://www.kb.cert.org/vuls/id/449980", + "http://www.kb.cert.org/vuls/id/559980", + "http://www.securitytracker.com/id?1025110", + "http://www.ubuntu.com/usn/USN-1070-1", + "http://www.vupen.com/english/advisories/2011/0466", + "http://www.vupen.com/english/advisories/2011/0489", + "https://bugzilla.redhat.com/show_bug.cgi?id=679496", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" + ], + "PublishedDate": "2011-02-23T19:00:00Z", + "LastModifiedDate": "2018-10-30T16:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5741", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", + "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", + "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5741.html", + "http://linux.oracle.com/errata/ELSA-2019-2057.html", + "http://www.securityfocus.com/bid/105379", + "http://www.securitytracker.com/id/1041674", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", + "https://kb.isc.org/docs/cve-2018-5741", + "https://security.gentoo.org/glsa/201903-13", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" + ], + "PublishedDate": "2019-01-16T20:29:00Z", + "LastModifiedDate": "2019-07-26T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-5661", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", + "Title": "DNS response rate limiting can simplify cache poisoning attacks", + "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", + "Severity": "LOW", + "CweIDs": [ + "CWE-290" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", + "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", + "https://security-tracker.debian.org/tracker/CVE-2013-5661" + ], + "PublishedDate": "2019-11-05T19:15:00Z", + "LastModifiedDate": "2019-11-08T19:04:00Z" + }, + { + "VulnerabilityID": 
"CVE-2016-6170", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", + "Title": "bind: Improper restriction of zone size limit", + "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/06/3", + "http://www.securityfocus.com/bid/91611", + "http://www.securitytracker.com/id/1036241", + "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", + "https://github.com/sischkg/xfer-limit/blob/master/README.md", + "https://kb.isc.org/article/AA-01390", + "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", + "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", + 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", + "https://security.gentoo.org/glsa/201610-07" + ], + "PublishedDate": "2016-07-06T14:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5745", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", + "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", + "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V2Score": 3.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5745.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6465", + "PkgName": "bind-utils", + "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", + "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", + "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-6465.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", + "https://kb.isc.org/docs/cve-2019-6465", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-16T16:57:00Z" + }, + { + "VulnerabilityID": "CVE-2012-3509", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-3509", + "Title": "libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary", + "Description": "Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411", + "http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html", + 
"http://security-tracker.debian.org/tracker/CVE-2012-3509", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2012/08/29/3", + "http://www.securityfocus.com/bid/55281", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/78135", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2012-09-05T23:55:00Z", + "LastModifiedDate": "2017-08-29T01:31:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8484", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8484", + "Title": "binutils: invalid read flaw in libbfd", + "Description": "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8484.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + "http://openwall.com/lists/oss-security/2014/10/23/4", + "http://openwall.com/lists/oss-security/2014/10/23/5", + "http://openwall.com/lists/oss-security/2014/10/26/2", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/26", + "http://www.openwall.com/lists/oss-security/2014/10/26/2", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70714", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1156272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17509", + "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8485", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8485", + "Title": "binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()", + "Description": "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html", + "http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html", + "http://linux.oracle.com/cve/CVE-2014-8485.html", + 
"http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/26", + "http://www.openwall.com/lists/oss-security/2014/10/26/2", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70741", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1157276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=493a33860c71cac998f1a56d6d87d6faa801fbaa", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8737", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8737", + "Title": "binutils: directory traversal vulnerability", + "Description": "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. 
(dot dot) or full path name in an archive to ar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8737.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/11/13/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70908", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1162655", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17552", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6965", + "PkgName": 
"binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", + "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6966", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", + "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. 
This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000876", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", + "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", + "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000876.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/106304", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-08-06T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + 
}, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9077", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", + "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", + "Description": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107139", + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", + "https://support.f5.com/csp/article/K00056379" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-24T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8501", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8501", + "Title": "binutils: out-of-bounds write when parsing specially crafted PE executable", + "Description": "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a 
denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8501.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/26/3", + "http://www.openwall.com/lists/oss-security/2014/10/31", + "http://www.openwall.com/lists/oss-security/2014/10/31/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70866", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1162570", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e", + "https://usn.ubuntu.com/usn/usn-2496-1", + "https://usn.ubuntu.com/usn/usn-3367-1" + ], + "PublishedDate": 
"2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8502", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8502", + "Title": "binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)", + "Description": "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8502.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/31", + "http://www.openwall.com/lists/oss-security/2014/10/31/1", + 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70869", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1162594", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8503", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8503", + "Title": "binutils: stack overflow in objdump when parsing specially crafted ihex file", + "Description": "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8503.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/31", + "http://www.openwall.com/lists/oss-security/2014/10/31/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/70868", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1162607", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8504", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8504", + "Title": "binutils: stack overflow in the SREC parser", + "Description": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8504.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://openwall.com/lists/oss-security/2014/10/27/4", + "http://openwall.com/lists/oss-security/2014/10/27/5", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/10/27/4", + "http://www.openwall.com/lists/oss-security/2014/10/27/5", + "http://www.openwall.com/lists/oss-security/2014/10/31", + "http://www.openwall.com/lists/oss-security/2014/10/31/1", + "http://www.securityfocus.com/bid/70761", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1162621", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + "PublishedDate": "2014-12-09T23:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8738", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8738", + "Title": "binutils: out of bounds memory write", + "Description": "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8738.html", + "http://linux.oracle.com/errata/ELSA-2015-2079.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", + "http://secunia.com/advisories/62241", + "http://secunia.com/advisories/62746", + "http://www.debian.org/security/2015/dsa-3123", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", + "http://www.openwall.com/lists/oss-security/2014/11/02/4", + "http://www.openwall.com/lists/oss-security/2014/11/05/7", + "http://www.openwall.com/lists/oss-security/2014/11/13/2", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/71083", + "http://www.ubuntu.com/usn/USN-2496-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738", + "https://security.gentoo.org/glsa/201612-24", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f", + "https://usn.ubuntu.com/usn/usn-2496-1" + ], + 
"PublishedDate": "2015-01-15T15:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9939", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", + "Title": "binutils: buffer overflow in ihex.c", + "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/07/31/6", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", + "https://usn.ubuntu.com/usn/usn-3367-1" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8538", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", + "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", + "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 
4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 1.7 + } + }, + "References": [ + "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", + "http://www.openwall.com/lists/oss-security/2015/12/09/2", + "http://www.openwall.com/lists/oss-security/2015/12/10/3", + "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", + "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" + ], + "PublishedDate": "2017-06-07T20:29:00Z", + "LastModifiedDate": "2017-06-14T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + 
], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": 
"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", 
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12449", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", + "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", + "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:39:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12451", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", + "Title": "binutils: out of bounds stack read in 
_bfd_xcoff_read_ar_hdr function", + "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12452", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", + "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", + "Description": "The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12453", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", + "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", + "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:35:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12454", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", + "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", + "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and 
earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12455", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", + "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", + "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12456", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + 
"Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", + "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", + "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12457", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", + "Title": "binutils: NULL pointer dereference in bfd_make_section_with_flags function", + "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12458", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", + "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", + "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T14:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12799", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", + "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", + "Description": "The 
elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" + ], + "PublishedDate": "2017-08-10T18:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12967", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", + "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", + "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100462", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" + ], + "PublishedDate": "2017-08-19T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13710", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", + "Title": "binutils: NULL pointer dereference in the setup_group function", + "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100499", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" + ], + "PublishedDate": "2017-08-27T16:29:00Z", + "LastModifiedDate": "2017-08-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13716", + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" + ], + "PublishedDate": "2017-08-28T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13757", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", + "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100532", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" + ], + "PublishedDate": "2017-08-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14128", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", + "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" + ], + 
"PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14129", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", + "Title": "binutils: Heap-based buffer over-read in the read_section function", + "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100624", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14130", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", + "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", + "Description": "The _bfd_elf_parse_attributes 
function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100625", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14529", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", + "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", + "Description": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + 
"V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" + ], + "PublishedDate": "2017-09-18T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14729", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", + "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" + ], + "PublishedDate": "2017-09-25T16:29:00Z", + "LastModifiedDate": "2017-09-28T16:51:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14745", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", + "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" + ], + "PublishedDate": "2017-09-26T16:29:00Z", + "LastModifiedDate": "2017-09-29T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14930", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", + 
"Title": "binutils: Memory leak in decode_line_info", + "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14932", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", + "Title": "binutils: Infinite loop in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14933", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", + "Title": "binutils: Infinite loop in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14934", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", + 
"Title": "binutils: Infinite loop in process_debug_info", + "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-131", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14938", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", + "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", + "Description": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101212", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14939", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101216", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", + "https://www.exploit-db.com/exploits/42970/" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14940", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", + "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", + "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2017-10-03T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14974", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-14974", + "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" + ], + "PublishedDate": "2017-10-02T01:29:00Z", + "LastModifiedDate": "2017-10-05T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15020", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", + "Title": "binutils: Heap-based buffer overflow in parse_die", + "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15021", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", + "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", + "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22197", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15022", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", + "Title": "binutils: NULL pointer dereference in dwarf2.c", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22201", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15023", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", + "Title": "binutils: NULL pointer dereference in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101611", + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15024", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", + "Title": "binutils: Infinite recursion in find_abstract_instance_name", + "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU 
Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15025", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", + "Title": "binutils: Divide-by-zero in decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:38:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15225", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", + "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", + "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" + ], + "PublishedDate": "2017-10-10T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15938", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", + "Title": "binutils: Invalid memory read in 
find_abstract_instance_name", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101610", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15939", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", + "Title": "binutils: NULL pointer dereference in the concat_filename", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. 
NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101613", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15996", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", + "Title": "binutils: Excessive memory allocation in elfcomm.c", + "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 
7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101608", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" + ], + "PublishedDate": "2017-10-29T17:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16826", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", + "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", + "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2017-16827", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", + "Title": "binutils: Invalid free in the aout_get_external_symbols function", + "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16828", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", + "Title": "binutils: Integer overflow in the display_debug_frames function", + "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based 
buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16829", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", + "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", + "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16830", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", + "Title": "binutils: Segmentation fault in the print_gnu_property_note function", + "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22384", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16831", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", + "Title": "binutils: Integer overflow in coffgen.c", + "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16832", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16832", + "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", + "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation 
and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17080", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", + "Title": "binutils: Heap-based buffer over-read in bfd_getl32", + "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" + ], + "PublishedDate": "2017-11-30T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17121", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", + "Title": "binutils: Memory access violation via a crafted COFF binary", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17122", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-17122", + "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", + "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-14T02:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17123", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", + "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", + "Description": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17124", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", + "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", + "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17125", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", + "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", + "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17126", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", + "Title": "binutils: Invalid memory access in the load_debug_section 
function", + "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-13T19:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6969", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", + "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", + "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/16/8", + "http://www.securityfocus.com/bid/97065", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7209", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", + "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", + "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96994", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": 
"2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7210", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", + "Title": "binutils: Heap-based buffer over-reads in objdump", + "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96992", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7223", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", + "Title": "binutils: Global buffer overflow when attempting to unget EOF character", + "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7224", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", + "Title": "binutils: Invalid write in find_nearest_line function", + "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97277", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7225", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, 
+ "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", + "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", + "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97275", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7226", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", + "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", + "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7227", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", + "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", + "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97209", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7299", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", + "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7300", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", + "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": 
"2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7301", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", + "Title": "binutils: Off-by-one error in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97218", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:02:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7302", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", + "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7303", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", + "Title": "binutils: Out-of-bounds read in find_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7304", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", + "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:06:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7614", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", + "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", + "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", + "https://security.gentoo.org/glsa/201709-02" + ], + "PublishedDate": 
"2017-04-09T14:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8392", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", + "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8393", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", + "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption 
made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8394", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", + "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8395", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", + "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8396", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", + "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8397", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", + "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8398", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", + "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", + "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8421", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", + "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", + "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" + ], + "PublishedDate": "2017-05-02T17:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9038", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", + "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98589", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", + "https://security.gentoo.org/glsa/201709-02", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9039", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", + "Title": "binutils: Memory consumption via many program headers", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98580", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9040", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", + "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", + "Description": "GNU Binutils 
2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98579", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9041", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", + "Title": "binutils: Heap buffer overflow in the process_mips_specific function", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + 
"References": [ + "http://www.securityfocus.com/bid/98598", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9042", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", + "Title": "binutils: Invalid variable type in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-704" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9043", + "PkgName": "binutils", + "InstalledVersion": 
"2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", + "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98591", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9044", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", + "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", + "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98587", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9742", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", + "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", + "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99105", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", + "https://www.exploit-db.com/exploits/42203/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + 
"VulnerabilityID": "CVE-2017-9743", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", + "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", + "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99106", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9744", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", + "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", + "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in 
GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99108", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:10:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9745", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", + "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", + "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + 
"V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99109", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:13:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9746", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", + "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", + "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99117", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", + "https://www.exploit-db.com/exploits/42199/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9747", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9747", + "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", + "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", + "https://www.exploit-db.com/exploits/42200/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-13T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9748", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", + "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", + "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a 
crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99110", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", + "https://www.exploit-db.com/exploits/42202/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9749", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", + "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", + "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99113", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", + 
"https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21586", + "https://www.exploit-db.com/exploits/42201/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9750", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", + "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", + "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99118", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", + "https://www.exploit-db.com/exploits/42198/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9751", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9751", + "Title": "binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", + "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9752", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", + "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", + "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during 
\"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9753", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", + "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", + "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9754", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", + "Title": "binutils: Stack-based buffer over-read in process_otr function", + "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:21:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9755", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", + "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", + 
"Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99124", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9756", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", + "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", + "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 
7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", + "https://www.exploit-db.com/exploits/42204/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9954", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", + "Title": "binutils: stack-based buffer over-read in getvalue function", + "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99307", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9955", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", + "Title": "binutils: heap buffer over-read in get_build_id function", + "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99573", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10373", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10373", + "Title": "binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file", + "Description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by 
nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-10373.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://www.securityfocus.com/bid/104000", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23065" + ], + "PublishedDate": "2018-04-25T09:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10535", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10535", + "Title": "binutils: NULL pointer dereference in elf.c", + "Description": "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 
+ } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-10535.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://www.securityfocus.com/bid/104021", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23113" + ], + "PublishedDate": "2018-04-29T15:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12641", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", + "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", + "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12641.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" + ], + "PublishedDate": "2018-06-22T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12697", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", + "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", + "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12697.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/104538", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12698", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", + "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", + "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104539", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12699", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", + "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", + "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104540", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12700", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", + "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", + "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104541", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12934", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", + "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", + "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" + ], + "PublishedDate": "2018-06-28T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-13033", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-13033", + "Title": "binutils: Uncontrolled Resource Consumption in execution of nm", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a 
crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-13033.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://www.securityfocus.com/bid/104584", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" + ], + "PublishedDate": "2018-07-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17794", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", + "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" + ], + "PublishedDate": "2018-09-30T20:29:00Z", + "LastModifiedDate": "2018-11-28T15:06:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17985", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", + "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" + ], + "PublishedDate": "2018-10-04T23:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18483", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", + "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", + "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105689", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18484", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", + "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18605", + "PkgName": "binutils", + "InstalledVersion": 
"2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", + "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", + "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18606", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", + "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", + "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18607", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", + "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", + "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18700", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", + "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18701", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", + "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19931", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19931", + "Title": "binutils: Heap-based buffer overflow in bfd_elf32_swap_phdr_in function resulting in a denial of service", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07" + ], + "PublishedDate": "2018-12-07T07:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19932", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", + "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" + ], + "PublishedDate": "2018-12-07T07:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20002", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", + "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", + "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106142", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2018-12-10T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6323", + "PkgName": "binutils", + 
"InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", + "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", + "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/102821", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", + "https://www.exploit-db.com/exploits/44035/" + ], + "PublishedDate": "2018-01-26T08:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6759", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", + "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", + "Description": "The bfd_get_debug_link_info_1 function in 
opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103030", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" + ], + "PublishedDate": "2018-02-06T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6872", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", + "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", + "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + 
}, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" + ], + "PublishedDate": "2018-02-09T06:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7208", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7208", + "Title": "binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file", + "Description": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-7208.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103077", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22741" + ], + "PublishedDate": "2018-02-18T04:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7568", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7568", + "Title": "binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library", + "Description": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-7568.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/errata/RHBA-2019:0327", + 
"https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22894" + ], + "PublishedDate": "2018-02-28T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7569", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7569", + "Title": "binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-191" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-7569.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22895" + ], + "PublishedDate": 
"2018-02-28T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7642", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7642", + "Title": "binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash", + "Description": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-7642.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22887", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25" + ], + "PublishedDate": "2018-03-02T15:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7643", + "PkgName": "binutils", + 
"InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7643", + "Title": "binutils: Integer overflow in the display_debug_ranges function resulting in crash", + "Description": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-7643.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103264", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22905" + ], + "PublishedDate": "2018-03-02T15:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-8945", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8945", + "Title": "binutils: Crash in 
elf.c:bfd_section_from_shdr() with crafted executable", + "Description": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-8945.html", + "http://linux.oracle.com/errata/ELSA-2018-3032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22809" + ], + "PublishedDate": "2018-03-22T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9070", + "PkgName": "binutils", + "InstalledVersion": "2.20.51.0.2-5.48.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9070", + "Title": "binutils: heap-based buffer over-read in function d_expression_1 in cp-demangle.c", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107147", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", + "https://support.f5.com/csp/article/K13534168" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-24T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3189", + "PkgName": "bzip2", + "InstalledVersion": "1.0.5-7.el6_0", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", + "Title": "bzip2: heap use after free in bzip2recover", + "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/06/20/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91297", + "http://www.securitytracker.com/id/1036132", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1319648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", + "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", + "https://security.gentoo.org/glsa/201708-08", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-08-22T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3189", + "PkgName": "bzip2-libs", + "InstalledVersion": "1.0.5-7.el6_0", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", + "Title": "bzip2: heap use after free in bzip2recover", + "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/06/20/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91297", + "http://www.securitytracker.com/id/1036132", + "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", + "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", + "https://security.gentoo.org/glsa/201708-08", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-08-22T01:29:00Z" + }, + { + "VulnerabilityID": 
"CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + "Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "MEDIUM", + 
"CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9471", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", + "Title": "coreutils: memory corruption flaw in parse_datetime()", + "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0029.html", + "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", + "http://secunia.com/advisories/62226", + "http://ubuntu.com/usn/usn-2473-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", + "http://www.openwall.com/lists/oss-security/2014/11/25/1", + "http://www.openwall.com/lists/oss-security/2014/11/25/4", + 
"http://www.openwall.com/lists/oss-security/2015/01/03/11", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", + "https://security.gentoo.org/glsa/201612-22", + "https://usn.ubuntu.com/usn/usn-2473-1" + ], + "PublishedDate": "2015-01-16T16:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1865", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", + "Title": "coreutils: \"time of check to time of use\" race condition fts.c", + "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 3.3, + "V3Score": 4.7 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://www.securityfocus.com/bid/76073", + "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" + ], + "PublishedDate": "2017-09-20T18:29:00Z", + "LastModifiedDate": "2017-09-27T16:13:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4041", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", + "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", + "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by 
multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4042", + "PkgName": "coreutils", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", + "Title": "coreutils: possible buffer overflow in keycompare_mb()", + "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + "Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + 
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9471", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", + "Title": "coreutils: memory corruption flaw in parse_datetime()", + "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0029.html", + "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", + "http://secunia.com/advisories/62226", + "http://ubuntu.com/usn/usn-2473-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", + "http://www.openwall.com/lists/oss-security/2014/11/25/1", + "http://www.openwall.com/lists/oss-security/2014/11/25/4", + "http://www.openwall.com/lists/oss-security/2015/01/03/11", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", + "https://security.gentoo.org/glsa/201612-22", + "https://usn.ubuntu.com/usn/usn-2473-1" + ], + "PublishedDate": "2015-01-16T16:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1865", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", + "Title": "coreutils: \"time of check to time of use\" race condition fts.c", + "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 3.3, + "V3Score": 4.7 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://www.securityfocus.com/bid/76073", + "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" + ], + "PublishedDate": "2017-09-20T18:29:00Z", + "LastModifiedDate": "2017-09-27T16:13:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4041", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", + "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", + "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application 
crash) or possibly have unspecified other impact via long UTF-8 strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4042", + "PkgName": "coreutils-libs", + "InstalledVersion": "8.4-47.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", + "Title": "coreutils: possible buffer overflow in keycompare_mb()", + "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9112", + "PkgName": "cpio", + "InstalledVersion": "2.10-13.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-9112", + "Title": "cpio: heap-based buffer overflow flaw in list_file()", + "Description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio", + "http://linux.oracle.com/cve/CVE-2014-9112.html", + "http://linux.oracle.com/errata/ELSA-2015-2108.html", + "http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html", + "http://seclists.org/fulldisclosure/2014/Nov/74", + "http://secunia.com/advisories/60167", + "http://secunia.com/advisories/62145", + "http://www.debian.org/security/2014/dsa-3111", + "http://www.openwall.com/lists/oss-security/2014/11/23/2", + "http://www.openwall.com/lists/oss-security/2014/11/25/2", + "http://www.openwall.com/lists/oss-security/2014/11/26/20", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/71248", + "http://www.ubuntu.com/usn/USN-2456-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918", + "https://marc.info/?l=oss-security\u0026m=141702212015484\u0026w=2", + "https://savannah.gnu.org/bugs/?43709", + "https://usn.ubuntu.com/usn/usn-2456-1" + ], + "PublishedDate": "2014-12-02T16:59:00Z", + "LastModifiedDate": "2017-09-08T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1197", + "PkgName": "cpio", + "InstalledVersion": "2.10-13.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1197", + "Title": "cpio: directory traversal through symlinks", + "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0080.html", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", + "http://www.openwall.com/lists/oss-security/2015/01/07/5", + "http://www.openwall.com/lists/oss-security/2015/01/18/7", + "http://www.securityfocus.com/bid/71914", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", + "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2015-02-19T15:59:00Z", + "LastModifiedDate": "2016-12-06T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2037", + "PkgName": "cpio", + "InstalledVersion": "2.10-13.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", + "Title": "cpio: out of bounds write", + "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 4.3 + } + }, + "References": [ + "http://www.debian.org/security/2016/dsa-3483", + "http://www.openwall.com/lists/oss-security/2016/01/19/4", + "http://www.openwall.com/lists/oss-security/2016/01/22/4", + "http://www.securityfocus.com/bid/82293", + "http://www.securitytracker.com/id/1035067", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2016-02-22T15:59:00Z", + "LastModifiedDate": "2016-12-06T03:07:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib", + "InstalledVersion": "2.8.16-4.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + 
"PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib-dicts", + "InstalledVersion": "2.8.16-4.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + "PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 
7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5419", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", + "Title": "curl: TLS session resumption client cert bypass", + "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate 
has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5419.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3638", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92292", + "http://www.securityfocus.com/bid/92319", + "http://www.securitytracker.com/id/1036538", + "http://www.securitytracker.com/id/1038341", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", + "http://www.ubuntu.com/usn/USN-3048-1", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160803A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", + "https://security.gentoo.org/glsa/201701-47", + "https://source.android.com/security/bulletin/2016-12-01.html", + "https://usn.ubuntu.com/usn/usn-3048-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": 
"2016-08-10T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + 
"PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + "Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 
is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000120", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", + "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", + "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000120.html", + "http://linux.oracle.com/errata/ELSA-2018-3157.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/103414", + "http://www.securitytracker.com/id/1040531", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3157", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://access.redhat.com/errata/RHSA-2019:1543", + "https://curl.haxx.se/docs/adv_2018-9cd6.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", + "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", + "https://usn.ubuntu.com/3598-1/", + "https://usn.ubuntu.com/3598-2/", + "https://usn.ubuntu.com/usn/usn-3598-1", + "https://usn.ubuntu.com/usn/usn-3598-2", + "https://www.debian.org/security/2018/dsa-4136", + 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + ], + "PublishedDate": "2018-03-14T18:29:00Z", + "LastModifiedDate": "2019-06-18T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5420", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", + "Title": "curl: Re-using connection with wrong client cert", + "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", + "Severity": "LOW", + "CweIDs": [ + "CWE-285" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 4.9, + "V3Score": 4.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5420.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3638", + "http://www.openwall.com/lists/oss-security/2016/09/05/1", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92309", + "http://www.securitytracker.com/id/1036537", + "http://www.securitytracker.com/id/1036739", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", + "http://www.ubuntu.com/usn/USN-3048-1", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160803B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", + "https://security.gentoo.org/glsa/201701-47", + "https://source.android.com/security/bulletin/2016-12-01.html", + "https://usn.ubuntu.com/usn/usn-3048-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-08-10T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7141", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", + "Title": "curl: Incorrect reuse of client certificates", + "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 4.9, + "V3Score": 4.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7141.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://seclists.org/oss-sec/2016/q3/419", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92754", + "http://www.securitytracker.com/id/1036739", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", + "https://curl.haxx.se/docs/adv_20160907.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", + "https://github.com/curl/curl/commit/curl-7_50_2~32", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1" + ], + "PublishedDate": "2016-10-03T21:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7167", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", + "Title": "curl: escape and unescape integer overflows", + "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow 
attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 2.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7167.html", + "http://linux.oracle.com/errata/ELSA-2017-2016.html", + "http://openwall.com/lists/oss-security/2016/09/14/1", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92975", + "http://www.securitytracker.com/id/1036813", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", + "https://access.redhat.com/errata/RHSA-2017:2016", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160914.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1" + ], + "PublishedDate": "2016-10-07T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "curl", + "InstalledVersion": 
"7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": 
"CVE-2016-8621", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating 
point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated 
to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain 
sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the 
curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "curl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 
through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "db4", + "InstalledVersion": "4.7.25-22.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + 
"http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + "https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "db4-utils", + "InstalledVersion": "4.7.25-22.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + "https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12749", + "PkgName": "dbus-libs", + 
"InstalledVersion": "1:1.2.24-9.el6", + "FixedVersion": "1:1.2.24-11.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", + "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", + "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 3.6, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12749.html", + "http://linux.oracle.com/errata/ELSA-2019-3707.html", + "http://www.openwall.com/lists/oss-security/2019/06/11/2", + "http://www.securityfocus.com/bid/108751", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", + "https://seclists.org/bugtraq/2019/Jun/16", + "https://usn.ubuntu.com/4015-1/", + "https://usn.ubuntu.com/4015-2/", + "https://usn.ubuntu.com/usn/usn-4015-1", + "https://usn.ubuntu.com/usn/usn-4015-2", + "https://www.debian.org/security/2019/dsa-4462", + "https://www.openwall.com/lists/oss-security/2019/06/11/2" + ], + "PublishedDate": "2019-06-11T17:29:00Z", + "LastModifiedDate": "2019-06-14T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3477", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", + "Title": "dbus: denial of service flaw in dbus-daemon", + "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0266.html", + "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", + "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://seclists.org/oss-sec/2014/q2/509", + "http://secunia.com/advisories/59428", + 
"http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.securityfocus.com/bid/67986", + "https://bugs.freedesktop.org/show_bug.cgi?id=78979", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-01T17:55:00Z", + "LastModifiedDate": "2015-04-15T02:00:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3532", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", + "Title": "dbus: denial of service in file descriptor passing feature", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + 
"https://bugs.freedesktop.org/show_bug.cgi?id=80163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3533", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", + "Title": "dbus: denial of service when forwarding invalid file descriptors", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=79694", + "https://bugs.freedesktop.org/show_bug.cgi?id=80469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": 
"CVE-2011-2533", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-2533", + "Title": "dbus: Possibility of symlink attack in /tmp during compilation", + "Description": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", + "http://www.securitytracker.com/id?1025720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2533", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" + ], + "PublishedDate": "2011-06-22T23:55:00Z", + "LastModifiedDate": "2017-08-29T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3636", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", + "Title": "dbus: denial of service by queuing or splitting file descriptors", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=82820", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-10-25T20:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3637", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", + "Title": "dbus: denial of service by creating unkillable D-Bus connections", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.openwall.com/lists/oss-security/2019/06/24/13", + "http://www.openwall.com/lists/oss-security/2019/06/24/14", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2019-06-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3638", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", + "Title": "dbus: denial of service in method call handling", + "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + 
"https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3639", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.2.24-9.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", + "Title": "dbus: denial of service flaw in incomplete connection handling", + "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + 
"VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in 
elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 
+ }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": 
"elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows 
remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + 
"LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + 
"References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.164-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6702", + "PkgName": "expat", + "InstalledVersion": "2.0.1-13.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", + "Title": "expat: Using XML_Parse before rand() results into non-random output", + "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + 
"References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/03/8", + "http://www.openwall.com/lists/oss-security/2016/06/04/1", + "http://www.securityfocus.com/bid/91483", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", + "https://security.gentoo.org/glsa/201701-21", + "https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-18T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2013-0340", + "PkgName": "expat", + "InstalledVersion": "2.0.1-13.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", + "Title": "expat: internal entity expansion", + "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2013/02/22/3", + "http://securitytracker.com/id?1028213", + "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "http://www.osvdb.org/90634", + "http://www.securityfocus.com/bid/58233", + "https://security.gentoo.org/glsa/201701-21" + ], + "PublishedDate": "2014-01-21T18:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2716", + "PkgName": "expat", + "InstalledVersion": "2.0.1-13.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", + "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", + "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-2716.html", + "http://linux.oracle.com/errata/ELSA-2015-1012.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", + "http://rhn.redhat.com/errata/RHSA-2015-0988.html", + "http://rhn.redhat.com/errata/RHSA-2015-1012.html", + "http://www.debian.org/security/2015/dsa-3260", + "http://www.debian.org/security/2015/dsa-3264", + "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/74611", + "http://www.ubuntu.com/usn/USN-2602-1", + "http://www.ubuntu.com/usn/USN-2603-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", + "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", + "https://security.gentoo.org/glsa/201605-06", + "https://usn.ubuntu.com/usn/usn-2602-1", + "https://usn.ubuntu.com/usn/usn-2603-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", + "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2015-05-14T10:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5300", + "PkgName": "expat", + "InstalledVersion": "2.0.1-13.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", + "Title": "expat: Little entropy used for hash initialization", + "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows 
context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/04/4", + "http://www.openwall.com/lists/oss-security/2016/06/04/5", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91159", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", + "https://security.gentoo.org/glsa/201701-21", + "https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-23T12:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9063", + "PkgName": "expat", + "InstalledVersion": "2.0.1-13.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", + "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", + "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94337", + "http://www.securitytracker.com/id/1037298", + "http://www.securitytracker.com/id/1039427", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", + "https://usn.ubuntu.com/usn/usn-3124-1", + "https://www.debian.org/security/2017/dsa-3898", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", + "https://www.mozilla.org/security/advisories/mfsa2016-89/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-07-30T18:31:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8865", + "PkgName": "file", + "InstalledVersion": "5.04-30.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", + "Title": "file: Buffer over-write in finfo_open with malformed magic file", + "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.6 + } + }, + "References": [ + "http://bugs.gw.com/view.php?id=522", + "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", + "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://www.debian.org/security/2016/dsa-3560", + "http://www.openwall.com/lists/oss-security/2016/04/11/7", + "http://www.openwall.com/lists/oss-security/2016/04/24/1", + "http://www.php.net/ChangeLog-5.php", + "http://www.php.net/ChangeLog-7.php", + "http://www.securityfocus.com/bid/85802", + "http://www.ubuntu.com/usn/USN-2952-1", + "http://www.ubuntu.com/usn/USN-2952-2", + "https://bugs.php.net/bug.php?id=71527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", + "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201611-22", + "https://security.gentoo.org/glsa/201701-42", + "https://support.apple.com/HT206567", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-2952-1", + "https://usn.ubuntu.com/usn/usn-2984-1", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2016-05-20T10:59:00Z", + "LastModifiedDate": "2018-06-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10360", + "PkgName": "file", + "InstalledVersion": "5.04-30.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": 
"redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", + "Title": "file: out-of-bounds read via a crafted ELF file", + "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", + "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", + "https://security.gentoo.org/glsa/201806-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2018-06-11T10:29:00Z", + "LastModifiedDate": "2019-05-02T14:40:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8865", + "PkgName": "file-libs", + "InstalledVersion": "5.04-30.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", + "Title": "file: Buffer over-write in finfo_open with malformed magic file", + "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or 
possibly execute arbitrary code via a crafted magic file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.6 + } + }, + "References": [ + "http://bugs.gw.com/view.php?id=522", + "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", + "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://www.debian.org/security/2016/dsa-3560", + "http://www.openwall.com/lists/oss-security/2016/04/11/7", + "http://www.openwall.com/lists/oss-security/2016/04/24/1", + "http://www.php.net/ChangeLog-5.php", + "http://www.php.net/ChangeLog-7.php", + "http://www.securityfocus.com/bid/85802", + "http://www.ubuntu.com/usn/USN-2952-1", + "http://www.ubuntu.com/usn/USN-2952-2", + "https://bugs.php.net/bug.php?id=71527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", + "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201611-22", + "https://security.gentoo.org/glsa/201701-42", + "https://support.apple.com/HT206567", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-2952-1", + "https://usn.ubuntu.com/usn/usn-2984-1", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2016-05-20T10:59:00Z", + "LastModifiedDate": "2018-06-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10360", + 
"PkgName": "file-libs", + "InstalledVersion": "5.04-30.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", + "Title": "file: out-of-bounds read via a crafted ELF file", + "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", + "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", + "https://security.gentoo.org/glsa/201806-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2018-06-11T10:29:00Z", + "LastModifiedDate": "2019-05-02T14:40:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8385", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", + "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", + "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain 
forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8385.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85572", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3191", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", + "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", + "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with 
nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3191.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/84810", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.debian.org/815920", + "https://bugs.debian.org/815921", + "https://bugs.exim.org/show_bug.cgi?id=1791", + "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", + "https://usn.ubuntu.com/usn/usn-2943-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-03-17T23:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2012-0039", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-0039", + "Title": "glib2: hash table collisions CPU usage DoS", + "Description": "** DISPUTED ** 
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044", + "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html", + "http://openwall.com/lists/oss-security/2012/01/10/12", + "https://bugzilla.redhat.com/show_bug.cgi?id=772720" + ], + "PublishedDate": "2012-01-14T17:55:00Z", + "LastModifiedDate": "2012-02-08T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2327", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", + "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", + "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + 
"Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.fortiguard.com/advisory/FG-VD-15-010/", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/74924", + "https://bugs.exim.org/show_bug.cgi?id=1503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", + "https://jira.mongodb.org/browse/SERVER-17252", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3217", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", + "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", + "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3217.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/03/7", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75018", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1638", + "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5073", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", + "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", + "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5073.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/26/1", + "http://www.openwall.com/lists/oss-security/2015/06/26/3", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75430", + "http://www.securitytracker.com/id/1033154", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1651", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2694-1", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8387", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8388", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", + "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", + "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-185" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8388.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", 
+ "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85576", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9633", + "PkgName": "glib2", + 
"InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", + "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", + "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107391", + "https://gitlab.gnome.org/GNOME/glib/issues/1649" + ], + "PublishedDate": "2019-03-08T08:29:00Z", + "LastModifiedDate": "2019-03-14T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8386", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", + "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "LOW", + 
"CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8386.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16428", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", + "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", + "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105210", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", + "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", + "https://gitlab.gnome.org/GNOME/glib/issues/1364", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + 
], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16429", + "PkgName": "glib2", + "InstalledVersion": "2.28.8-10.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", + "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", + "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", + "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", + "https://gitlab.gnome.org/GNOME/glib/issues/1361", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + ], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the 
usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C 
Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-4412", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", + "Title": "glibc: strcoll() integer overflow leading to buffer overflow", + "Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which 
triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://secunia.com/advisories/55113", + "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "http://www.openwall.com/lists/oss-security/2012/09/07/9", + "http://www.ubuntu.com/usn/USN-1991-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=855385", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://usn.ubuntu.com/usn/usn-1991-1" + ], + "PublishedDate": "2013-10-09T22:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-4424", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", + "Title": "glibc: alloca() stack overflow in the strcoll() interface", + "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + }, 
+ "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "http://www.openwall.com/lists/oss-security/2012/09/13/16", + "http://www.ubuntu.com/usn/USN-1991-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=858238", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", + "https://security.gentoo.org/glsa/201503-04", + "https://usn.ubuntu.com/usn/usn-1991-1" + ], + "PublishedDate": "2013-10-09T22:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=17269", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16997", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", + "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", + "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-16997.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102228", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://bugs.debian.org/884615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", + "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", + "https://usn.ubuntu.com/usn/usn-3534-1" + ], + "PublishedDate": "2017-12-18T01:29:00Z", + "LastModifiedDate": "2019-04-26T12:41:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": 
"CVE-2010-0015", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", + "Title": "glibc NIS password hash disclosure", + "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", + "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", + "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", + "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", + "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", + "http://www.openwall.com/lists/oss-security/2010/01/07/3", + "http://www.openwall.com/lists/oss-security/2010/01/08/1", + "http://www.openwall.com/lists/oss-security/2010/01/08/2", + "http://www.openwall.com/lists/oss-security/2010/01/11/6", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", + "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" + ], + "PublishedDate": "2010-01-14T18:30:00Z", + "LastModifiedDate": "2016-12-07T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "glibc", + "InstalledVersion": 
"2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2011-5320", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", + "Title": "glibc: scanf implementation crashes on certain inputs", + "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 6.2 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 
+ } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/03/12/14", + "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", + "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", + "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", + "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", + "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" + ], + "PublishedDate": "2017-10-18T14:29:00Z", + "LastModifiedDate": "2017-11-08T17:05:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4788", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", + "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", + "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://hmarco.org/bugs/CVE-2013-4788.html", + "http://seclists.org/fulldisclosure/2015/Sep/23", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "http://www.openwall.com/lists/oss-security/2013/07/15/9", + 
"http://www.securityfocus.com/bid/61183", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", + "https://security.gentoo.org/glsa/201503-04" + ], + "PublishedDate": "2013-10-04T17:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + "http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8121", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", + "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", + "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8121.html", + "http://linux.oracle.com/errata/ELSA-2015-0327.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", + "http://rhn.redhat.com/errata/RHSA-2015-0327.html", + "http://www.debian.org/security/2016/dsa-3480", + "http://www.securityfocus.com/bid/73038", + "http://www.ubuntu.com/usn/USN-2985-1", + "http://www.ubuntu.com/usn/USN-2985-2", + "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", + "https://security.gentoo.org/glsa/201602-02", + "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2015-03-27T14:59:00Z", + "LastModifiedDate": "2018-10-17T19:01:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9402", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", + "Title": "glibc: denial of service in getnetbyname function", + "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-9402.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.securityfocus.com/bid/71670", + "http://www.ubuntu.com/usn/USN-2519-1", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201602-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", + "https://usn.ubuntu.com/usn/usn-2519-1" + ], + "PublishedDate": "2015-02-24T15:59:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5180", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", + "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", + "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5180.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/99324", + "http://www.ubuntu.com/usn/USN-3239-1", + "http://www.ubuntu.com/usn/USN-3239-2", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", + "https://security.gentoo.org/glsa/201706-19", + 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", + "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-2" + ], + "PublishedDate": "2017-06-27T20:29:00Z", + "LastModifiedDate": "2018-04-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8777", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", + "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", + "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 7 + } + }, + "References": [ + "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", + "http://linux.oracle.com/cve/CVE-2015-8777.html", + "http://linux.oracle.com/errata/ELSA-2017-1916.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", + "http://www.debian.org/security/2016/dsa-3480", + "http://www.openwall.com/lists/oss-security/2015/09/05/8", + "http://www.openwall.com/lists/oss-security/2016/01/20/1", + "http://www.securityfocus.com/bid/81469", + "http://www.securitytracker.com/id/1034811", + "http://www.ubuntu.com/usn/USN-2985-1", + "http://www.ubuntu.com/usn/USN-2985-2", + "https://access.redhat.com/errata/RHSA-2017:1916", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2016-01-20T05:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + 
"PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3075", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", + "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", + "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V2Score": 5.8, + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3075.html", + "http://linux.oracle.com/errata/ELSA-2016-2573.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://rhn.redhat.com/errata/RHSA-2016-2573.html", + 
"http://www.securityfocus.com/bid/85732", + "http://www.ubuntu.com/usn/USN-2985-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3706", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", + "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", + "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "http://www.securityfocus.com/bid/88440", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-3" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ 
+ "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": 
"redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-4412", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", + "Title": "glibc: strcoll() integer overflow leading to buffer overflow", + 
"Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://secunia.com/advisories/55113", + "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "http://www.openwall.com/lists/oss-security/2012/09/07/9", + "http://www.ubuntu.com/usn/USN-1991-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=855385", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://usn.ubuntu.com/usn/usn-1991-1" + ], + "PublishedDate": "2013-10-09T22:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-4424", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", + "Title": "glibc: alloca() stack overflow in the strcoll() interface", + "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or 
possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "http://www.openwall.com/lists/oss-security/2012/09/13/16", + "http://www.ubuntu.com/usn/USN-1991-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=858238", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", + "https://security.gentoo.org/glsa/201503-04", + "https://usn.ubuntu.com/usn/usn-1991-1" + ], + "PublishedDate": "2013-10-09T22:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, 
+ "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16997", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", + "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", + "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-16997.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102228", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://bugs.debian.org/884615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", + "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", + "https://usn.ubuntu.com/usn/usn-3534-1" + ], + "PublishedDate": "2017-12-18T01:29:00Z", + "LastModifiedDate": "2019-04-26T12:41:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": 
"CVE-2010-0015", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", + "Title": "glibc NIS password hash disclosure", + "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", + "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", + "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", + "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", + "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", + "http://www.openwall.com/lists/oss-security/2010/01/07/3", + "http://www.openwall.com/lists/oss-security/2010/01/08/1", + "http://www.openwall.com/lists/oss-security/2010/01/08/2", + "http://www.openwall.com/lists/oss-security/2010/01/11/6", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", + "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" + ], + "PublishedDate": "2010-01-14T18:30:00Z", + "LastModifiedDate": "2016-12-07T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "glibc-common", + 
"InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2011-5320", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", + "Title": "glibc: scanf implementation crashes on certain inputs", + "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 6.2 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/03/12/14", + "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", + "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", + "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", + "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", + "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" + ], + "PublishedDate": "2017-10-18T14:29:00Z", + "LastModifiedDate": "2017-11-08T17:05:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4788", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", + "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", + "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://hmarco.org/bugs/CVE-2013-4788.html", + "http://seclists.org/fulldisclosure/2015/Sep/23", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + 
"http://www.openwall.com/lists/oss-security/2013/07/15/9", + "http://www.securityfocus.com/bid/61183", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", + "https://security.gentoo.org/glsa/201503-04" + ], + "PublishedDate": "2013-10-04T17:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + "http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-8121", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", + "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", + "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-8121.html", + "http://linux.oracle.com/errata/ELSA-2015-0327.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", + "http://rhn.redhat.com/errata/RHSA-2015-0327.html", + "http://www.debian.org/security/2016/dsa-3480", + "http://www.securityfocus.com/bid/73038", + "http://www.ubuntu.com/usn/USN-2985-1", + "http://www.ubuntu.com/usn/USN-2985-2", + "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", + "https://security.gentoo.org/glsa/201602-02", + "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2015-03-27T14:59:00Z", + "LastModifiedDate": "2018-10-17T19:01:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9402", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", + "Title": "glibc: denial of service in getnetbyname function", + "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2014-9402.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.securityfocus.com/bid/71670", + "http://www.ubuntu.com/usn/USN-2519-1", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201602-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", + "https://usn.ubuntu.com/usn/usn-2519-1" + ], + "PublishedDate": "2015-02-24T15:59:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5180", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", + "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", + "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5180.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/99324", + "http://www.ubuntu.com/usn/USN-3239-1", + "http://www.ubuntu.com/usn/USN-3239-2", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", + "https://security.gentoo.org/glsa/201706-19", + 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", + "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-2" + ], + "PublishedDate": "2017-06-27T20:29:00Z", + "LastModifiedDate": "2018-04-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8777", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", + "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", + "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 7 + } + }, + "References": [ + "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", + "http://linux.oracle.com/cve/CVE-2015-8777.html", + "http://linux.oracle.com/errata/ELSA-2017-1916.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", + "http://www.debian.org/security/2016/dsa-3480", + "http://www.openwall.com/lists/oss-security/2015/09/05/8", + "http://www.openwall.com/lists/oss-security/2016/01/20/1", + "http://www.securityfocus.com/bid/81469", + "http://www.securitytracker.com/id/1034811", + "http://www.ubuntu.com/usn/USN-2985-1", + "http://www.ubuntu.com/usn/USN-2985-2", + "https://access.redhat.com/errata/RHSA-2017:1916", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2016-01-20T05:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + 
"PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3075", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", + "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", + "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V2Score": 5.8, + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3075.html", + "http://linux.oracle.com/errata/ELSA-2016-2573.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2573.html", + "http://www.securityfocus.com/bid/85732", + "http://www.ubuntu.com/usn/USN-2985-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", + "https://usn.ubuntu.com/usn/usn-2985-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3706", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", + "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", + "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "http://www.securityfocus.com/bid/88440", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-3" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + 
"References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc-common", + "InstalledVersion": "2.12-1.212.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4617", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-4617", + "Title": "gnupg: infinite loop when decompressing data packets", + "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", + "http://secunia.com/advisories/59213", + "http://secunia.com/advisories/59351", + "http://secunia.com/advisories/59534", + "http://secunia.com/advisories/59578", + "http://www.debian.org/security/2014/dsa-2967", + "http://www.debian.org/security/2014/dsa-2968", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "http://www.ubuntu.com/usn/USN-2258-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", + "https://usn.ubuntu.com/usn/usn-2258-1" + ], + "PublishedDate": "2014-06-25T11:19:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between 
the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + 
"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1606", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", + "Title": "gnupg2: invalid memory read using a garbled keyring", + "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securitytracker.com/id/1031876", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1607", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1607", + "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", + "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securityfocus.com/bid/72610", + "http://www.ubuntu.com/usn/usn-2554-1/", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2018-9234", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.14-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", + "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", + "Description": "GnuPG 
2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 2.2 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", + "https://dev.gnupg.org/T3844", + "https://usn.ubuntu.com/3675-1/", + "https://usn.ubuntu.com/usn/usn-3675-1" + ], + "PublishedDate": "2018-04-04T00:29:00Z", + "LastModifiedDate": "2019-02-27T19:37:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3564", + "PkgName": "gpgme", + "InstalledVersion": "1.1.8-3.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", + "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", + "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", + "http://seclists.org/oss-sec/2014/q3/266", + "http://www.debian.org/security/2014/dsa-3005", + 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "http://www.osvdb.org/109699", + "http://www.securityfocus.com/bid/68990", + "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", + "https://usn.ubuntu.com/usn/usn-2307-1" + ], + "PublishedDate": "2014-10-20T17:55:00Z", + "LastModifiedDate": "2016-10-18T03:44:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5080", + "PkgName": "groff", + "InstalledVersion": "1.18.1.4-21.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5080", + "Title": "groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph", + "Description": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff", + "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h", + "http://openwall.com/lists/oss-security/2009/08/14/4", + "http://openwall.com/lists/oss-security/2009/08/14/5", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5080" + ], + "PublishedDate": "2011-06-30T15:55:00Z", + "LastModifiedDate": "2013-12-13T04:34:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0283", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0283", + "Title": "krb5: uninitialized pointer use in krb5kdc leads to KDC crash", + "Description": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://secunia.com/advisories/43260", + "http://securityreason.com/securityalert/8073", + "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", + "http://www.securityfocus.com/archive/1/516299/100/0/threaded", + "http://www.securityfocus.com/bid/46272", + "http://www.securitytracker.com/id?1025037", + "http://www.vupen.com/english/advisories/2011/0330" + ], + "PublishedDate": "2011-02-10T18:00:00Z", + "LastModifiedDate": "2020-01-21T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2011-4151", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4151", + "Title": "CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-4151 krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", + "Description": "The krb5_db2_lockout_audit function in the Key Distribution Center 
(KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", + "http://www.kb.cert.org/vuls/id/659251", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/70891" + ], + "PublishedDate": "2011-10-20T21:55:00Z", + "LastModifiedDate": "2020-01-21T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5351", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", + "Title": "krb5: current keys returned when randomizing the keys for a service principal", + "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0477.html", + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", + 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", + "http://security.gentoo.org/glsa/glsa-201412-53.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", + "http://www.securityfocus.com/bid/70380", + "http://www.securitytracker.com/id/1031003", + "http://www.ubuntu.com/usn/USN-2498-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", + "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", + "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", + "https://usn.ubuntu.com/usn/usn-2498-1" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2020-01-21T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2695", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", + "Title": "krb5: SPNEGO context aliasing bugs", + "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/90687", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", + "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2696", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", + "Title": "krb5: IAKERB context aliasing flaw", + "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.securityfocus.com/bid/90675", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", + "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2697", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", + "Title": "krb5: build_principal() memory flaw", + "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", 
+ "http://www.securityfocus.com/bid/77581", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", + "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11368", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11368", + "Title": "krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure", + "Description": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-11368.html", + "http://linux.oracle.com/errata/ELSA-2018-0666.html", + "http://www.securityfocus.com/bid/100291", + "https://access.redhat.com/errata/RHSA-2018:0666", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368", + "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970", + "https://github.com/krb5/krb5/pull/678/files", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/" + ], + "PublishedDate": "2017-08-09T18:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20217", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", + "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", + "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 3.5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", + "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", + "https://security.netapp.com/advisory/ntap-20190416-0006/" + ], + "PublishedDate": "2018-12-26T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3119", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3119", + "Title": "krb5: null pointer dereference in kadmin", + "Description": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 3.5, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3119.html", + "http://linux.oracle.com/errata/ELSA-2016-2591.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html", + "http://rhn.redhat.com/errata/RHSA-2016-2591.html", + "http://www.securityfocus.com/bid/85392", + "http://www.securitytracker.com/id/1035399", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119", + "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99", + "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html" + ], + "PublishedDate": "2016-03-26T01:59:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3120", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3120", + "Title": "krb5: S4U2Self KDC crash when anon is restricted", + "Description": 
"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 3.5, + "V3Score": 5.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458", + "http://linux.oracle.com/cve/CVE-2016-3120.html", + "http://linux.oracle.com/errata/ELSA-2016-2591.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html", + "http://rhn.redhat.com/errata/RHSA-2016-2591.html", + "http://web.mit.edu/kerberos/krb5-1.13/", + "http://web.mit.edu/kerberos/krb5-1.14/", + "http://www.securityfocus.com/bid/92132", + "http://www.securitytracker.com/id/1036442", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120", + "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7", + "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/" + ], + "PublishedDate": "2016-08-01T02:59:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11462", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-11462", + "Title": "krb5: Automatic sec context deletion could lead to double-free", + "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", + "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", + "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" + ], + "PublishedDate": "2017-09-13T16:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5729", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5729", + "Title": "krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data", + "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 6.5, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5729.html", + "http://linux.oracle.com/errata/ELSA-2018-3071.html", + "http://www.securitytracker.com/id/1042071", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3071", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", + "https://bugzilla.redhat.com/show_bug.cgi?id=1551083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729", + "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" + ], + "PublishedDate": "2018-03-06T20:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5730", + "PkgName": "krb5-libs", + "InstalledVersion": "1.10.3-65.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5730", + "Title": "krb5: DN container check bypass by supplying special crafted data", + "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", + "Severity": "LOW", + "CweIDs": [ + "CWE-90" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 5.5, + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 3.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5730.html", + "http://linux.oracle.com/errata/ELSA-2018-3071.html", + "http://www.securitytracker.com/id/1042071", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3071", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", + "https://bugzilla.redhat.com/show_bug.cgi?id=1551082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730", + "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" + ], + "PublishedDate": "2018-03-06T20:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9488", + "PkgName": "less", + "InstalledVersion": "436-13.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9488", + "Title": "less: out of bounds read access in is_utf8_well_formed()", + "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 10 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", 
+ "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 1.2, + "V3Score": 2.5 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0139.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html", + "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199", + "http://www.openwall.com/lists/oss-security/2015/03/10/14", + "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488" + ], + "PublishedDate": "2015-04-14T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2010-3879", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", + "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", + "http://linux.oracle.com/cve/CVE-2010-3879.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", + "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://openwall.com/lists/oss-security/2010/11/04/8", + "http://openwall.com/lists/oss-security/2010/11/05/2", + "http://osvdb.org/70520", + "http://secunia.com/advisories/42961", + "http://secunia.com/advisories/42965", + "http://www.halfdog.net/Security/FuseTimerace/", + 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", + "http://www.securityfocus.com/bid/44623", + "http://www.ubuntu.com/usn/USN-1045-1", + "http://www.ubuntu.com/usn/USN-1045-2", + "http://www.vupen.com/english/advisories/2011/0181", + "http://www.vupen.com/english/advisories/2011/0302", + "https://bugs.launchpad.net/bugs/670622", + "https://bugzilla.novell.com/show_bug.cgi?id=651598", + "https://bugzilla.redhat.com/show_bug.cgi?id=651183", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" + ], + "PublishedDate": "2011-01-22T22:00:00Z", + "LastModifiedDate": "2017-08-17T01:33:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0541", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", + "http://linux.oracle.com/cve/CVE-2011-0541.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2014-02-12T04:26:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0542", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", + "http://linux.oracle.com/cve/CVE-2011-0542.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + "http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2011-09-05T04:00:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0543", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2011-0543", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", + "http://linux.oracle.com/cve/CVE-2011-0543.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + "http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2014-02-12T04:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libblkid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0247", + "PkgName": "libcom_err", + "InstalledVersion": "1.41.12-24.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", + "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", + "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0061.html", + "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + 
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.ocert.org/advisories/ocert-2015-002.html", + "http://www.securityfocus.com/archive/1/534633/100/0/threaded", + "http://www.securityfocus.com/bid/72520", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", + "https://security.gentoo.org/glsa/201701-06", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-17T15:59:00Z", + "LastModifiedDate": "2018-10-09T19:55:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1572", + "PkgName": "libcom_err", + "InstalledVersion": "1.41.12-24.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", + "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", + "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0088.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", + "http://www.securityfocus.com/bid/72709", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", + "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", + "https://security.gentoo.org/glsa/201507-22", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-24T15:59:00Z", + "LastModifiedDate": "2017-11-08T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information 
by reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5419", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", + "Title": "curl: TLS session resumption client cert bypass", + "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", + "Severity": "MEDIUM", + "CweIDs": [ + 
"CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5419.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3638", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92292", + "http://www.securityfocus.com/bid/92319", + "http://www.securitytracker.com/id/1036538", + "http://www.securitytracker.com/id/1038341", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", + "http://www.ubuntu.com/usn/USN-3048-1", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160803A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", + "https://security.gentoo.org/glsa/201701-47", + "https://source.android.com/security/bulletin/2016-12-01.html", + "https://usn.ubuntu.com/usn/usn-3048-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-08-10T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "libcurl", + 
"InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + 
"Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" 
+ ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + 
], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000120", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", + "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", + "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000120.html", + "http://linux.oracle.com/errata/ELSA-2018-3157.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/103414", + "http://www.securitytracker.com/id/1040531", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3157", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://access.redhat.com/errata/RHSA-2019:1543", + "https://curl.haxx.se/docs/adv_2018-9cd6.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", + "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", + "https://usn.ubuntu.com/3598-1/", + "https://usn.ubuntu.com/3598-2/", + "https://usn.ubuntu.com/usn/usn-3598-1", + "https://usn.ubuntu.com/usn/usn-3598-2", + "https://www.debian.org/security/2018/dsa-4136", + 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + ], + "PublishedDate": "2018-03-14T18:29:00Z", + "LastModifiedDate": "2019-06-18T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5420", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", + "Title": "curl: Re-using connection with wrong client cert", + "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", + "Severity": "LOW", + "CweIDs": [ + "CWE-285" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 4.9, + "V3Score": 4.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5420.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3638", + "http://www.openwall.com/lists/oss-security/2016/09/05/1", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92309", + "http://www.securitytracker.com/id/1036537", + "http://www.securitytracker.com/id/1036739", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", + "http://www.ubuntu.com/usn/USN-3048-1", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160803B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", + "https://security.gentoo.org/glsa/201701-47", + "https://source.android.com/security/bulletin/2016-12-01.html", + "https://usn.ubuntu.com/usn/usn-3048-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-08-10T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7141", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", + "Title": "curl: Incorrect reuse of client certificates", + "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 4.9, + "V3Score": 4.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7141.html", + "http://linux.oracle.com/errata/ELSA-2016-2575.html", + "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", + "http://rhn.redhat.com/errata/RHSA-2016-2575.html", + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://seclists.org/oss-sec/2016/q3/419", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92754", + "http://www.securitytracker.com/id/1036739", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", + "https://curl.haxx.se/docs/adv_20160907.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", + "https://github.com/curl/curl/commit/curl-7_50_2~32", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1" + ], + "PublishedDate": "2016-10-03T21:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7167", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", + "Title": "curl: escape and unescape integer overflows", + "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow 
attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 2.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7167.html", + "http://linux.oracle.com/errata/ELSA-2017-2016.html", + "http://openwall.com/lists/oss-security/2016/09/14/1", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/92975", + "http://www.securitytracker.com/id/1036813", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", + "https://access.redhat.com/errata/RHSA-2017:2016", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20160914.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1" + ], + "PublishedDate": "2016-10-07T14:59:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "libcurl", + "InstalledVersion": 
"7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": 
"CVE-2016-8621", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating 
point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly 
updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to 
obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in 
the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "libcurl", + "InstalledVersion": "7.19.7-53.el6_9", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 
7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2002-2439", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", + "Title": "gcc: Integer overflow can occur during the computation of the memory region size for new[] operator", + "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2002-2439", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", + 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", + "https://security-tracker.debian.org/tracker/CVE-2002-2439" + ], + "PublishedDate": "2019-10-23T18:15:00Z", + "LastModifiedDate": "2019-10-31T02:39:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9427", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", + "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", + "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 5.1, + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", + "http://www.openwall.com/lists/oss-security/2016/11/18/3", + "http://www.securityfocus.com/bid/94407", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", + "https://github.com/ivmai/bdwgc/issues/135", + "https://usn.ubuntu.com/usn/usn-3197-1" + ], + "PublishedDate": "2016-12-12T02:59:00Z", + "LastModifiedDate": "2017-01-07T03:00:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ 
+ "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libgcc", + 
"InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": 
[ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": 
"LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + 
"https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libgcc", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5270", + "PkgName": "libgcrypt", + "InstalledVersion": "1.4.5-12.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", + "Title": "libgcrypt: ELGAMAL side-channel attack", + "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", + "http://openwall.com/lists/oss-security/2014/08/16/2", + "http://www.cs.tau.ac.il/~tromer/handsoff/", + "http://www.debian.org/security/2014/dsa-3024", + "http://www.debian.org/security/2014/dsa-3073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", + "https://usn.ubuntu.com/usn/usn-2339-1", + "https://usn.ubuntu.com/usn/usn-2339-2" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2017-11-04T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7526", + "PkgName": "libgcrypt", + "InstalledVersion": "1.4.5-12.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", + "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", + "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99338", + "http://www.securitytracker.com/id/1038915", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", + "https://eprint.iacr.org/2017/627", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", + "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", + "https://usn.ubuntu.com/3733-1/", + "https://usn.ubuntu.com/3733-2/", + "https://usn.ubuntu.com/usn/usn-3347-1", + "https://usn.ubuntu.com/usn/usn-3347-2", + "https://usn.ubuntu.com/usn/usn-3733-1", + "https://usn.ubuntu.com/usn/usn-3733-2", + "https://www.debian.org/security/2017/dsa-3901", + "https://www.debian.org/security/2017/dsa-3960" + ], + "PublishedDate": "2018-07-26T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt", + "InstalledVersion": "1.4.5-12.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "libgcrypt", + "InstalledVersion": "1.4.5-12.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "libgcrypt", + "InstalledVersion": "1.4.5-12.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + 
"https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2059", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", + "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", + "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3578", + "http://www.openwall.com/lists/oss-security/2015/02/23/25", + "http://www.securityfocus.com/bid/72736", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", + "https://github.com/jabberd2/jabberd2/issues/85", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2015-08-12T14:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2015-8948", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", + "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", + "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6261", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", + "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", + "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6262", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", + "Title": "libidn: Out-of-bounds read when reading zero byte as input", + 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6263", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", + "Title": "libidn: Crash when given invalid UTF-8 data on input", + "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2016-11-28T20:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14062", + "PkgName": "libidn", + "InstalledVersion": "1.18-2.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", + "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", + "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.debian.org/security/2017/dsa-3988", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", + "https://gitlab.com/libidn/libidn2/blob/master/NEWS", + "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", + "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", + "https://usn.ubuntu.com/usn/usn-3421-1", + "https://usn.ubuntu.com/usn/usn-3434-1", + "https://usn.ubuntu.com/usn/usn-3434-2" + ], + "PublishedDate": "2017-08-31T16:29:00Z", + "LastModifiedDate": "2020-02-18T19:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3855", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", + "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3855.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3855.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + 
"LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3856", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", + "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", + "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3856.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + 
"https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3856.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3857", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", + "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3857.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", + "https://github.com/libssh2/libssh2/pull/315", + 
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3857.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3863", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.el6_10.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", + "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", + "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3863.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3863.html" + ], + "PublishedDate": "2019-03-25T18:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 
when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3858.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://github.com/libssh2/libssh2/pull/316", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-3859", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", + "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3859.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3860", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", + "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3860.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3860.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3861.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3861.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", + "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets 
with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3862.html", + "http://linux.oracle.com/errata/ELSA-2019-4693.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3862.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": 
"2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1782", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1782", + "Title": "libssh2: Using SSH_MSG_KEXINIT data unbounded", + "Description": "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-1782.html", + "http://linux.oracle.com/errata/ELSA-2015-2140.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html", + "http://www.debian.org/security/2015/dsa-3182", + "http://www.libssh2.org/adv_20150311.html", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:148", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securityfocus.com/bid/73061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782" + ], + "PublishedDate": "2015-03-13T14:59:00Z", + "LastModifiedDate": "2017-01-03T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2002-2439", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", + "Title": "gcc: 
Integer overflow can occur during the computation of the memory region size for new[] operator", + "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2002-2439", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", + "https://security-tracker.debian.org/tracker/CVE-2002-2439" + ], + "PublishedDate": "2019-10-23T18:15:00Z", + "LastModifiedDate": "2019-10-31T02:39:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9427", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", + "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", + "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 5.1, + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", + "http://www.openwall.com/lists/oss-security/2016/11/18/3", + "http://www.securityfocus.com/bid/94407", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", + "https://github.com/ivmai/bdwgc/issues/135", + "https://usn.ubuntu.com/usn/usn-3197-1" + ], + "PublishedDate": "2016-12-12T02:59:00Z", + "LastModifiedDate": "2017-01-07T03:00:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-20673", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + 
"V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + 
"https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array 
ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": 
"2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted 
binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + 
"http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libstdc++", + "InstalledVersion": "4.4.7-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3622", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { 
+ "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3622", + "Title": "libtasn1: heap overflow flaw in _asn1_extract_der_octet()", + "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3622.html", + "http://linux.oracle.com/errata/ELSA-2017-1860.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html", + "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", + "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html", + "http://seclists.org/fulldisclosure/2015/Apr/109", + "http://www.debian.org/security/2015/dsa-3256", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232", + "http://www.securityfocus.com/bid/74419", + "http://www.securitytracker.com/id/1032246", + "http://www.ubuntu.com/usn/USN-2604-1", + "https://access.redhat.com/errata/RHSA-2017:1860", + "https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622", + "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html", + "https://security.gentoo.org/glsa/201509-04", + "https://usn.ubuntu.com/usn/usn-2604-1" + ], + "PublishedDate": 
"2015-05-12T19:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4008", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", + "Title": "libtasn1: infinite loop while parsing DER certificates", + "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", + "http://www.debian.org/security/2016/dsa-3568", + "http://www.openwall.com/lists/oss-security/2016/04/11/3", + "http://www.ubuntu.com/usn/USN-2957-1", + "http://www.ubuntu.com/usn/USN-2957-2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", + "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", + 
"https://security.gentoo.org/glsa/201703-05", + "https://usn.ubuntu.com/usn/usn-2957-1", + "https://usn.ubuntu.com/usn/usn-2957-2" + ], + "PublishedDate": "2016-05-05T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2806", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2806", + "Title": "libtasn1: stack overflow in asn1_der_decoding", + "Description": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 10 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149", + "http://linux.oracle.com/cve/CVE-2015-2806.html", + "http://linux.oracle.com/errata/ELSA-2017-1860.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html", + "http://www.debian.org/security/2015/dsa-3220", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193", + "http://www.openwall.com/lists/oss-security/2015/03/29/4", + 
"http://www.openwall.com/lists/oss-security/2015/03/31/2", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/73436", + "http://www.securitytracker.com/id/1032080", + "http://www.ubuntu.com/usn/USN-2559-1", + "https://access.redhat.com/errata/RHSA-2017:1860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2806", + "https://security.gentoo.org/glsa/201509-04", + "https://usn.ubuntu.com/usn/usn-2559-1" + ], + "PublishedDate": "2015-04-10T15:00:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10790", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", + "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", + "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/3547-1/", + "https://usn.ubuntu.com/usn/usn-3547-1", + "https://www.debian.org/security/2018/dsa-4106" + ], + "PublishedDate": "2017-07-02T03:29:00Z", + "LastModifiedDate": "2018-03-16T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6891", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", + "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", + "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.debian.org/security/2017/dsa-3861", + "http://www.securityfocus.com/bid/98641", + "http://www.securitytracker.com/id/1038619", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", + "https://secuniaresearch.flexerasoftware.com/advisories/76125/", + "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/usn/usn-3309-1", + "https://usn.ubuntu.com/usn/usn-3309-2" + ], + "PublishedDate": "2017-05-22T19:29:00Z", + "LastModifiedDate": "2019-06-05T15:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000654", + "PkgName": "libtasn1", + "InstalledVersion": "2.3-6.el6_5", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", + "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", + "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.securityfocus.com/bid/105151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", + "https://gitlab.com/gnutls/libtasn1/issues/4" + ], + "PublishedDate": "2018-08-20T19:31:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2012-5630", + "PkgName": "libuser", + "InstalledVersion": "0.56.13-8.el6_7", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5630", + "Title": "libuser: TOCTOU race conditions by copying and removing directory trees", + "Description": "libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", + "https://access.redhat.com/security/cve/cve-2012-5630", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5630", + "https://security-tracker.debian.org/tracker/CVE-2012-5630", + "https://www.securityfocus.com/bid/59285" + ], + "PublishedDate": "2019-11-25T14:15:00Z", + 
"LastModifiedDate": "2019-12-04T15:43:00Z" + }, + { + "VulnerabilityID": "CVE-2012-5644", + "PkgName": "libuser", + "InstalledVersion": "0.56.13-8.el6_7", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5644", + "Title": "libuser: (Complete) Information disclosure when moving user's home directory", + "Description": "libuser has information disclosure when moving user's home directory", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N", + "V2Score": 4.7 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", + "https://access.redhat.com/security/cve/cve-2012-5644", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5644", + "https://security-tracker.debian.org/tracker/CVE-2012-5644" + ], + "PublishedDate": "2019-11-25T15:15:00Z", + "LastModifiedDate": "2019-12-04T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2010-3879", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", + "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", + "http://linux.oracle.com/cve/CVE-2010-3879.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", + "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://openwall.com/lists/oss-security/2010/11/04/8", + "http://openwall.com/lists/oss-security/2010/11/05/2", + "http://osvdb.org/70520", + "http://secunia.com/advisories/42961", + "http://secunia.com/advisories/42965", + "http://www.halfdog.net/Security/FuseTimerace/", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", + "http://www.securityfocus.com/bid/44623", + "http://www.ubuntu.com/usn/USN-1045-1", + "http://www.ubuntu.com/usn/USN-1045-2", + "http://www.vupen.com/english/advisories/2011/0181", + "http://www.vupen.com/english/advisories/2011/0302", + "https://bugs.launchpad.net/bugs/670622", + "https://bugzilla.novell.com/show_bug.cgi?id=651598", + "https://bugzilla.redhat.com/show_bug.cgi?id=651183", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" + ], + "PublishedDate": "2011-01-22T22:00:00Z", + "LastModifiedDate": "2017-08-17T01:33:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0541", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": 
{ + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", + "http://linux.oracle.com/cve/CVE-2011-0541.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + "http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2014-02-12T04:26:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0542", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", + "http://linux.oracle.com/cve/CVE-2011-0542.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2011-09-05T04:00:00Z" + }, + { + "VulnerabilityID": "CVE-2011-0543", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0543", + "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", + "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", + "http://linux.oracle.com/cve/CVE-2011-0543.html", + "http://linux.oracle.com/errata/ELSA-2011-1083.html", + "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", + "http://www.openwall.com/lists/oss-security/2011/02/02/2", + "http://www.openwall.com/lists/oss-security/2011/02/03/5", + "http://www.openwall.com/lists/oss-security/2011/02/08/4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" + ], + "PublishedDate": "2011-09-02T23:55:00Z", + "LastModifiedDate": "2014-02-12T04:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libuuid", + "InstalledVersion": "2.17.2-12.28.el6_9.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", 
+ "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5131", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", + "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", + "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", + "http://rhn.redhat.com/errata/RHSA-2016-1485.html", + "http://www.debian.org/security/2016/dsa-3637", + "http://www.securityfocus.com/bid/92053", + "http://www.securitytracker.com/id/1036428", + "http://www.securitytracker.com/id/1038623", + "http://www.ubuntu.com/usn/USN-3041-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", + "https://codereview.chromium.org/2127493002", + "https://crbug.com/623378", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "https://security.gentoo.org/glsa/201610-09", + "https://security.gentoo.org/glsa/201701-37", + "https://source.android.com/security/bulletin/2017-05-01", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3041-1", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-07-23T19:59:00Z", + "LastModifiedDate": "2019-03-26T17:14:00Z" + }, + { + "VulnerabilityID": "CVE-2013-0339", + "PkgName": "libxml2", 
+ "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0339", + "Title": "libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion", + "Description": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", + "http://openwall.com/lists/oss-security/2013/02/21/24", + "http://openwall.com/lists/oss-security/2013/02/22/3", + "http://seclists.org/oss-sec/2013/q4/182", + "http://seclists.org/oss-sec/2013/q4/184", + "http://seclists.org/oss-sec/2013/q4/188", + "http://secunia.com/advisories/52662", + "http://secunia.com/advisories/54172", + "http://secunia.com/advisories/55568", + "http://www.debian.org/security/2013/dsa-2652", + "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "http://www.ubuntu.com/usn/USN-1904-1", + "http://www.ubuntu.com/usn/USN-1904-2", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=915149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339", + "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f", + "https://usn.ubuntu.com/usn/usn-1904-1" + ], + "PublishedDate": "2014-01-21T18:55:00Z", + "LastModifiedDate": "2016-05-05T15:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4483", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", + "Title": "libxml2: out-of-bounds read", + "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3593", + "http://www.openwall.com/lists/oss-security/2016/05/03/8", + "http://www.openwall.com/lists/oss-security/2016/05/04/7", + "http://www.openwall.com/lists/oss-security/2016/06/07/4", + "http://www.openwall.com/lists/oss-security/2016/06/07/5", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/90013", + "http://www.securitytracker.com/id/1036348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", + 
"https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", + "https://security.gentoo.org/glsa/201701-37", + "https://usn.ubuntu.com/usn/usn-2994-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", 
+ "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9318", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", + "Title": "libxml2: XML External Entity vulnerability", + "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V2Score": 5.8, + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94347", + "https://bugzilla.gnome.org/show_bug.cgi?id=772726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", + "https://github.com/lsh123/xmlsec/issues/43", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + 
"https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2016-11-16T00:59:00Z", + "LastModifiedDate": "2018-08-15T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0663", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", + "Title": "libxml2: Heap buffer overflow in xmlAddID", + "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-06-14T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16932", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", + "Title": "libxml2: Infinite recursion in parameter entities", + "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + 
}, + "References": [ + "http://xmlsoft.org/news.html", + "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=759579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", + "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3504-1", + "https://usn.ubuntu.com/usn/usn-3504-1/", + "https://usn.ubuntu.com/usn/usn-3504-2", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7375", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", + "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", + "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", + "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2", + "https://www.debian.org/security/2017/dsa-3952" + ], + "PublishedDate": "2018-02-19T19:29:00Z", + "LastModifiedDate": "2018-03-18T14:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9047", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", + "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", + "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). 
If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9049", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9050", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98568", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", + "https://github.com/sparklemotion/nokogiri/issues/1673", + "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-1/", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14404", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", + "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", + "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", + "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", + "https://github.com/sparklemotion/nokogiri/issues/1785", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", + "https://gitlab.gnome.org/GNOME/libxml2/issues/10", + "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2018-09-28T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5969", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", + 
"Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", + "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/11/05/3", + "http://www.openwall.com/lists/oss-security/2017/02/13/1", + "http://www.securityfocus.com/bid/96188", + "https://bugzilla.gnome.org/show_bug.cgi?id=778519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", + "https://security.gentoo.org/glsa/201711-01" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8872", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", + "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", + "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://bugzilla.gnome.org/show_bug.cgi?id=775200", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" + ], + "PublishedDate": "2017-05-10T05:29:00Z", + "LastModifiedDate": "2017-05-15T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9048", + "PkgName": "libxml2", + "InstalledVersion": "2.7.6-21.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", + "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98556", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5461", + "PkgName": "lua", + "InstalledVersion": "5.1.4-4.1.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", + "Title": "lua: overflow flaw in vararg functions", + "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0414.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", + "http://secunia.com/advisories/59890", + "http://secunia.com/advisories/60869", + "http://secunia.com/advisories/61411", + 
"http://www.debian.org/security/2014/dsa-3015", + "http://www.debian.org/security/2014/dsa-3016", + "http://www.lua.org/bugs.html#5.2.2-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", + "http://www.openwall.com/lists/oss-security/2014/08/21/1", + "http://www.openwall.com/lists/oss-security/2014/08/21/4", + "http://www.openwall.com/lists/oss-security/2014/08/27/2", + "http://www.securityfocus.com/bid/69342", + "http://www.ubuntu.com/usn/USN-2338-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", + "https://security.gentoo.org/glsa/201701-53", + "https://usn.ubuntu.com/usn/usn-2338-1" + ], + "PublishedDate": "2014-09-04T17:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": 
"CVE-2018-19211", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-base", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.7-4.20090207.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1951", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", + "Title": "nspr: Memory allocation issue related to PR_*printf functions", + "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V2Score": 7.5, + "V3Score": 8.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/92385", + "http://www.securitytracker.com/id/1036590", + "http://www.ubuntu.com/usn/USN-3023-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", + 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", + "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", + "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", + "https://usn.ubuntu.com/usn/usn-3023-1", + "https://usn.ubuntu.com/usn/usn-3028-1" + ], + "PublishedDate": "2016-08-07T19:59:00Z", + "LastModifiedDate": "2016-11-28T20:02:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3640", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", + "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", + "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 9.3 + } + }, + "References": [ + "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", + "http://code.google.com/p/chromium/issues/detail?id=97426", + "http://securityreason.com/securityalert/8483", + "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" + ], + "PublishedDate": "2011-10-28T02:49:00Z", + "LastModifiedDate": "2017-09-19T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + 
"V2Score": 4.3 + } + }, + "References": [ + "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + "http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://linux.oracle.com/cve/CVE-2011-3389.html", + "http://linux.oracle.com/errata/ELSA-2011-1380.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + "http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + 
"http://www.opera.com/docs/changelogs/windows/1160/", + "http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + "http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://usn.ubuntu.com/usn/usn-1263-1" + ], + "PublishedDate": "2011-09-06T19:55:00Z", + "LastModifiedDate": "2018-10-12T22:01:00Z" + }, + { + "VulnerabilityID": "CVE-2013-2566", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", + "Title": 
"SSL/TLS: Attack against RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", + "http://cr.yp.to/talks/2013.03.12/slides.pdf", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", + "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", + "http://security.gentoo.org/glsa/glsa-201406-19.xml", + "http://www.isg.rhul.ac.uk/tls/", + "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "http://www.opera.com/docs/changelogs/unified/1215/", + "http://www.opera.com/security/advisory/1046", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.securityfocus.com/bid/58796", + "http://www.ubuntu.com/usn/USN-2031-1", + "http://www.ubuntu.com/usn/USN-2032-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://security.gentoo.org/glsa/201504-01", + "https://usn.ubuntu.com/usn/usn-2031-1", + "https://usn.ubuntu.com/usn/usn-2032-1" + ], + "PublishedDate": "2013-03-15T21:55:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + 
"http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + 
"http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + 
"https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + "https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12384", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "FixedVersion": "3.36.0-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", + "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", + "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12384.html", + "http://linux.oracle.com/errata/ELSA-2018-2898.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + ], + "PublishedDate": "2019-04-29T15:29:00Z", + "LastModifiedDate": "2019-10-16T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": 
"nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of 
service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2011-5094", + "PkgName": "nss", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", + "Title": "nss: DoS via repeated SSL session renegotiations", + "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", + "http://www.openwall.com/lists/oss-security/2011/07/08/2", + "https://bugzilla.redhat.com/show_bug.cgi?id=707065" + ], + "PublishedDate": "2012-06-16T21:55:00Z", + "LastModifiedDate": "2012-06-18T04:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.14.3-23.3.el6_8", + "FixedVersion": "3.44.0-6.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn", + "InstalledVersion": "3.14.3-23.3.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn", + "InstalledVersion": "3.14.3-23.3.el6_8", 
+ "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn", + "InstalledVersion": "3.14.3-23.3.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + "http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + 
"https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.14.3-23.3.el6_8", + "FixedVersion": "3.44.0-6.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.14.3-23.3.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": 
"3.14.3-23.3.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.14.3-23.3.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c 
in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + "http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + 
"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + "https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3640", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", + "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", + "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 9.3 + } + }, + "References": [ + "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", + "http://code.google.com/p/chromium/issues/detail?id=97426", + "http://securityreason.com/securityalert/8483", + "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" + ], + "PublishedDate": "2011-10-28T02:49:00Z", + "LastModifiedDate": "2017-09-19T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + "http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://linux.oracle.com/cve/CVE-2011-3389.html", + "http://linux.oracle.com/errata/ELSA-2011-1380.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + "http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + 
"http://www.opera.com/docs/changelogs/windows/1160/", + "http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + "http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://usn.ubuntu.com/usn/usn-1263-1" + ], + "PublishedDate": "2011-09-06T19:55:00Z", + "LastModifiedDate": "2018-10-12T22:01:00Z" + }, + { + "VulnerabilityID": "CVE-2013-2566", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", + 
"Title": "SSL/TLS: Attack against RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", + "http://cr.yp.to/talks/2013.03.12/slides.pdf", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", + "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", + "http://security.gentoo.org/glsa/glsa-201406-19.xml", + "http://www.isg.rhul.ac.uk/tls/", + "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "http://www.opera.com/docs/changelogs/unified/1215/", + "http://www.opera.com/security/advisory/1046", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.securityfocus.com/bid/58796", + "http://www.ubuntu.com/usn/USN-2031-1", + "http://www.ubuntu.com/usn/USN-2032-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://security.gentoo.org/glsa/201504-01", + "https://usn.ubuntu.com/usn/usn-2031-1", + "https://usn.ubuntu.com/usn/usn-2032-1" + ], + "PublishedDate": "2013-03-15T21:55:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + 
"http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + 
"http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + 
"http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + 
"https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + "https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": 
"2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": 
"nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12384", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "FixedVersion": "3.36.0-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", + "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", + "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12384.html", + "http://linux.oracle.com/errata/ELSA-2018-2898.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + ], + "PublishedDate": "2019-04-29T15:29:00Z", + "LastModifiedDate": "2019-10-16T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + 
"PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2011-5094", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", + "Title": "nss: DoS via repeated SSL session renegotiations", + "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", + "http://www.openwall.com/lists/oss-security/2011/07/08/2", + "https://bugzilla.redhat.com/show_bug.cgi?id=707065" + ], + "PublishedDate": "2012-06-16T21:55:00Z", + "LastModifiedDate": "2012-06-18T04:00:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3640", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", + "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", + "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 9.3 + } + }, + "References": [ + "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", + "http://code.google.com/p/chromium/issues/detail?id=97426", + "http://securityreason.com/securityalert/8483", + "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" + ], + "PublishedDate": "2011-10-28T02:49:00Z", + "LastModifiedDate": "2017-09-19T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
+ "V2Score": 4.3 + } + }, + "References": [ + "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + "http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://linux.oracle.com/cve/CVE-2011-3389.html", + "http://linux.oracle.com/errata/ELSA-2011-1380.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + "http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + 
"http://www.opera.com/docs/changelogs/windows/1160/", + "http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + "http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://usn.ubuntu.com/usn/usn-1263-1" + ], + "PublishedDate": "2011-09-06T19:55:00Z", + "LastModifiedDate": "2018-10-12T22:01:00Z" + }, + { + "VulnerabilityID": "CVE-2013-2566", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", + "Title": 
"SSL/TLS: Attack against RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", + "http://cr.yp.to/talks/2013.03.12/slides.pdf", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", + "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", + "http://security.gentoo.org/glsa/glsa-201406-19.xml", + "http://www.isg.rhul.ac.uk/tls/", + "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "http://www.opera.com/docs/changelogs/unified/1215/", + "http://www.opera.com/security/advisory/1046", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.securityfocus.com/bid/58796", + "http://www.ubuntu.com/usn/USN-2031-1", + "http://www.ubuntu.com/usn/USN-2032-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://security.gentoo.org/glsa/201504-01", + "https://usn.ubuntu.com/usn/usn-2031-1", + "https://usn.ubuntu.com/usn/usn-2032-1" + ], + "PublishedDate": "2013-03-15T21:55:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", 
+ "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + 
"http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + 
"http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + 
"https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + "https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12384", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "FixedVersion": "3.36.0-9.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", + "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", + "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12384.html", + "http://linux.oracle.com/errata/ELSA-2018-2898.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + ], + "PublishedDate": "2019-04-29T15:29:00Z", + "LastModifiedDate": "2019-10-16T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + 
"PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2011-5094", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-8.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", + "Title": "nss: DoS via repeated SSL session renegotiations", + "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", + "http://www.openwall.com/lists/oss-security/2011/07/08/2", + "https://bugzilla.redhat.com/show_bug.cgi?id=707065" + ], + "PublishedDate": "2012-06-16T21:55:00Z", + "LastModifiedDate": "2012-06-18T04:00:00Z" + }, + { + "VulnerabilityID": "CVE-2009-3767", + "PkgName": "openldap", + "InstalledVersion": "2.4.40-16.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-3767", + "Title": "OpenLDAP: Doesn't properly handle NULL character in subject Common Name", + "Description": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", + "Severity": 
"MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2009-3767.html", + "http://linux.oracle.com/errata/ELSA-2010-0198.html", + "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html", + "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", + "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2", + "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2", + "http://secunia.com/advisories/38769", + "http://secunia.com/advisories/40677", + "http://security.gentoo.org/glsa/glsa-201406-36.xml", + "http://support.apple.com/kb/HT3937", + "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h", + "http://www.redhat.com/support/errata/RHSA-2010-0543.html", + "http://www.redhat.com/support/errata/RHSA-2011-0896.html", + "http://www.vupen.com/english/advisories/2009/3056", + "http://www.vupen.com/english/advisories/2010/1858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274" + ], + "PublishedDate": "2009-10-23T19:30:00Z", + "LastModifiedDate": "2017-09-19T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1546", + "PkgName": "openldap", + "InstalledVersion": "2.4.40-16.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", + "Title": "openldap: slapd crash in valueReturnFilter cleanup", + "Description": "Double free 
vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", + "http://secunia.com/advisories/62787", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", + "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", + "http://www.openldap.org/its/?findid=8046", + "http://www.openwall.com/lists/oss-security/2015/02/07/3", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", + "https://support.apple.com/HT204659" + ], + "PublishedDate": "2015-02-12T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3276", + "PkgName": "openldap", + "InstalledVersion": "2.4.40-16.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", + "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", + "Description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3276.html", + "http://linux.oracle.com/errata/ELSA-2015-2131.html", + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + ], + "PublishedDate": "2015-12-07T20:59:00Z", + "LastModifiedDate": "2016-10-15T02:01:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9287", + "PkgName": "openldap", + "InstalledVersion": "2.4.40-16.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9287", + "Title": "openldap: Double free vulnerability in servers/slapd/back-mdb/search.c", + "Description": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. 
A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-9287.html", + "http://linux.oracle.com/errata/ELSA-2017-1852.html", + "http://www.debian.org/security/2017/dsa-3868", + "http://www.openldap.org/its/?findid=8655", + "http://www.securityfocus.com/bid/98736", + "http://www.securitytracker.com/id/1038591", + "https://access.redhat.com/errata/RHSA-2017:1852", + "https://bugs.debian.org/863563", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287", + "https://usn.ubuntu.com/usn/usn-3307-1", + "https://usn.ubuntu.com/usn/usn-3307-2" + ], + "PublishedDate": "2017-05-29T16:29:00Z", + "LastModifiedDate": "2018-01-05T02:31:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4984", + "PkgName": "openldap", + "InstalledVersion": "2.4.40-16.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", + "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", + "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", 
+ "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 2.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" + ], + "PublishedDate": "2017-07-17T13:18:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + 
"http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://linux.oracle.com/cve/CVE-2011-3389.html", + "http://linux.oracle.com/errata/ELSA-2011-1380.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + 
"http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + "http://www.opera.com/docs/changelogs/windows/1160/", + "http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + 
"http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://usn.ubuntu.com/usn/usn-1263-1" + ], + "PublishedDate": "2011-09-06T19:55:00Z", + "LastModifiedDate": "2018-10-12T22:01:00Z" + }, + { + "VulnerabilityID": "CVE-2013-2566", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", + "Title": "SSL/TLS: Attack against RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", + "http://cr.yp.to/talks/2013.03.12/slides.pdf", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", + "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", + "http://security.gentoo.org/glsa/glsa-201406-19.xml", + "http://www.isg.rhul.ac.uk/tls/", + "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "http://www.opera.com/docs/changelogs/unified/1215/", + "http://www.opera.com/security/advisory/1046", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.securityfocus.com/bid/58796", + "http://www.ubuntu.com/usn/USN-2031-1", + "http://www.ubuntu.com/usn/USN-2032-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://security.gentoo.org/glsa/201504-01", + "https://usn.ubuntu.com/usn/usn-2031-1", + "https://usn.ubuntu.com/usn/usn-2032-1" + ], + "PublishedDate": "2013-03-15T21:55:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + 
"http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + 
"http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + 
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + 
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + 
"https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + "https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in 
the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + 
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0732", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0732", + "Title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang", + "Description": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). 
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0732.html", + "http://linux.oracle.com/errata/ELSA-2018-4249.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/104442", + "http://www.securitytracker.com/id/1041090", + "https://access.redhat.com/errata/RHSA-2018:2552", + "https://access.redhat.com/errata/RHSA-2018:2553", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4", + "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", + "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", + "https://security.gentoo.org/glsa/201811-03", + "https://security.netapp.com/advisory/ntap-20181105-0001/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20180612.txt", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-12", + "https://www.tenable.com/security/tns-2018-13", + "https://www.tenable.com/security/tns-2018-14", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-06-12T13:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0739", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0739", + "Title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service", + "Description": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). 
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0739.html", + "http://linux.oracle.com/errata/ELSA-2018-4228.html", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/103518", + "http://www.securityfocus.com/bid/105609", + "http://www.securitytracker.com/id/1040576", + "https://access.redhat.com/errata/RHSA-2018:3090", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://access.redhat.com/errata/RHSA-2019:0367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d", + "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", + "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", + "https://security.gentoo.org/glsa/201811-21", + "https://security.netapp.com/advisory/ntap-20180330-0002/", + "https://security.netapp.com/advisory/ntap-20180726-0002/", + "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", + "https://usn.ubuntu.com/3611-1/", + "https://usn.ubuntu.com/3611-2/", + "https://usn.ubuntu.com/usn/usn-3611-1", + "https://usn.ubuntu.com/usn/usn-3611-2", + 
"https://www.debian.org/security/2018/dsa-4157", + "https://www.debian.org/security/2018/dsa-4158", + "https://www.openssl.org/news/secadv/20180327.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-04", + "https://www.tenable.com/security/tns-2018-06", + "https://www.tenable.com/security/tns-2018-07" + ], + "PublishedDate": "2018-03-27T21:29:00Z", + "LastModifiedDate": "2019-04-23T19:31:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5407", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", + "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", + "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5407.html", + "http://linux.oracle.com/errata/ELSA-2019-2125.html", + "http://www.securityfocus.com/bid/105897", + "https://access.redhat.com/errata/RHSA-2019:0483", + "https://access.redhat.com/errata/RHSA-2019:0651", + "https://access.redhat.com/errata/RHSA-2019:0652", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", + "https://eprint.iacr.org/2018/1060.pdf", + "https://github.com/bbbrumley/portsmash", + 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20181126-0001/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.exploit-db.com/exploits/45785/", + "https://www.openssl.org/news/secadv/20181112.txt", + "https://www.openwall.com/lists/oss-security/2018/11/01/4", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-11-15T21:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "FixedVersion": "1.0.1e-58.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + 
"https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": "2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2011-1473", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-1473", + "Title": "openssl: DoS via repeated SSL session renegotiations", + "Description": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", + "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2", + "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", + "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", + "http://www.openwall.com/lists/oss-security/2011/07/08/2", + "https://bugzilla.redhat.com/show_bug.cgi?id=707065", + "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E" + ], + "PublishedDate": "2012-06-16T21:55:00Z", + "LastModifiedDate": "2019-05-27T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-3735", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-3735", + "Title": "openssl: Malformed X.509 IPAdressFamily could cause OOB read", + "Description": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. 
This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-3735.html", + "http://linux.oracle.com/errata/ELSA-2018-3221.html", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/100515", + "http://www.securitytracker.com/id/1039726", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735", + "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html", + "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc", + "https://security.gentoo.org/glsa/201712-03", + "https://security.netapp.com/advisory/ntap-20170927-0001/", + "https://security.netapp.com/advisory/ntap-20171107-0002/", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/3611-2/", + "https://usn.ubuntu.com/usn/usn-3475-1", + "https://usn.ubuntu.com/usn/usn-3611-2", + "https://www.debian.org/security/2017/dsa-4017", + "https://www.debian.org/security/2017/dsa-4018", + "https://www.openssl.org/news/secadv/20170828.txt", + "https://www.openssl.org/news/secadv/20171102.txt", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2017-14", + "https://www.tenable.com/security/tns-2017-15" + ], + "PublishedDate": "2017-08-28T19:29:00Z", + "LastModifiedDate": "2019-04-23T19:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0735", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", + "Title": "openssl: timing side channel attack in the ECDSA signature generation", + "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0735.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://www.securityfocus.com/bid/105750", + "http://www.securitytracker.com/id/1041986", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.openssl.org/news/secadv/20181029.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2018-10-29T13:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0737", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0737", + "Title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", + "Description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0737.html", + "http://linux.oracle.com/errata/ELSA-2018-4249.html", + "http://www.openwall.com/lists/oss-security/2018/04/16/3", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/103766", + "http://www.securitytracker.com/id/1040685", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787", + "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", + "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", + "https://security.gentoo.org/glsa/201811-21", + "https://security.netapp.com/advisory/ntap-20180726-0003/", + "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", + "https://usn.ubuntu.com/3628-1/", + "https://usn.ubuntu.com/3628-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/usn/usn-3628-1", + "https://usn.ubuntu.com/usn/usn-3628-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20180416.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.tenable.com/security/tns-2018-12", + "https://www.tenable.com/security/tns-2018-13", + "https://www.tenable.com/security/tns-2018-14", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-04-16T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-2583", + "PkgName": "pam", + "InstalledVersion": "1.1.1-24.el6", + "Layer": { + "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2583", + "Title": "pam: path traversal issue in pam_timestamp's format_timestamp_name()", + "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://secunia.com/advisories/57317", + "http://www.openwall.com/lists/oss-security/2014/03/24/5", + "http://www.openwall.com/lists/oss-security/2014/03/26", + "http://www.openwall.com/lists/oss-security/2014/03/26/10", + "http://www.openwall.com/lists/oss-security/2014/03/31/6", + "http://www.securityfocus.com/bid/66493", + "http://www.ubuntu.com/usn/USN-2935-1", + "http://www.ubuntu.com/usn/USN-2935-2", + "http://www.ubuntu.com/usn/USN-2935-3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", + "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8", + "https://security.gentoo.org/glsa/201605-05", + "https://usn.ubuntu.com/usn/usn-2935-1" + ], + "PublishedDate": "2014-04-10T20:29:00Z", + "LastModifiedDate": "2019-01-03T15:01:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7041", + "PkgName": "pam", + "InstalledVersion": "1.1.1-24.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7041", + "Title": 
"pam: pam_userdb case insensitive password hash comparison", + "Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2013/12/09/16", + "http://www.openwall.com/lists/oss-security/2013/12/09/5", + "http://www.securityfocus.com/bid/64180", + "http://www.ubuntu.com/usn/USN-2935-1", + "http://www.ubuntu.com/usn/USN-2935-2", + "http://www.ubuntu.com/usn/USN-2935-3", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731368", + "https://bugzilla.redhat.com/show_bug.cgi?id=1038555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7041", + "https://security.gentoo.org/glsa/201605-05", + "https://usn.ubuntu.com/usn/usn-2935-1" + ], + "PublishedDate": "2014-05-08T14:29:00Z", + "LastModifiedDate": "2016-12-03T03:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3217", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", + "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", + "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3217.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/03/7", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75018", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1638", + "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8387", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2015-8382", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", + "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", + "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V2Score": 6.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", + "http://www.openwall.com/lists/oss-security/2015/08/04/2", + "http://www.openwall.com/lists/oss-security/2015/08/04/3", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/76157", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.exim.org/show_bug.cgi?id=1537", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2016-12-28T02:59:00Z" + }, + { + "VulnerabilityID": 
"CVE-2015-8386", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", + "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8386.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": 
"2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "pcre", + "InstalledVersion": "7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "pcre", + "InstalledVersion": 
"7.8-7.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1122", + "PkgName": "procps", + "InstalledVersion": "3.2.8-45.el6_9.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", + "Title": "procps-ng, procps: Local privilege escalation in top", + "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1122.html", + "http://linux.oracle.com/errata/ELSA-2019-2189.html", + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://access.redhat.com/errata/RHSA-2019:2189", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1121", + "PkgName": "procps", + "InstalledVersion": "3.2.8-45.el6_9.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", + "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", + "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", + "https://security.gentoo.org/glsa/201805-14", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-06-13T20:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1123", + "PkgName": "procps", + "InstalledVersion": "3.2.8-45.el6_9.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", + "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", + "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1125", + "PkgName": "procps", + "InstalledVersion": "3.2.8-45.el6_9.3", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", + "Title": "procps-ng, procps: stack buffer overflow in pgrep", + "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "FixedVersion": "2.6.6-68.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + "https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9365", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", + "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", + "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 
4.7 + } + }, + "References": [ + "http://bugs.python.org/issue22417", + "http://linux.oracle.com/cve/CVE-2014-9365.html", + "http://linux.oracle.com/errata/ELSA-2017-1868.html", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://seclists.org/oss-sec/2014/q4/1022", + "http://www.openwall.com/lists/oss-security/2014/12/11/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "http://www.securityfocus.com/bid/71639", + "https://access.redhat.com/errata/RHSA-2016:1166", + "https://access.redhat.com/errata/RHSA-2017:1162", + "https://access.redhat.com/errata/RHSA-2017:1868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", + "https://security.gentoo.org/glsa/201503-10", + "https://support.apple.com/kb/HT205031", + "https://www.python.org/dev/peps/pep-0476/", + "https://www.python.org/downloads/release/python-279/" + ], + "PublishedDate": "2014-12-12T11:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", + "https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1061", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1061.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + 
"https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-06-19T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", 
+ "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2010-3492", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", + "Title": "python accept() implementation in async core is broken", + "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + 
"V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue6706", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", + "http://www.openwall.com/lists/oss-security/2010/09/09/6", + "http://www.openwall.com/lists/oss-security/2010/09/11/2", + "http://www.openwall.com/lists/oss-security/2010/09/22/3", + "http://www.openwall.com/lists/oss-security/2010/09/24/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" + ], + "PublishedDate": "2010-10-19T20:00:00Z", + "LastModifiedDate": "2019-10-29T00:56:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5636", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", + "Title": "python: Heap overflow in zipimporter module", + "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.4, + "V3Score": 4.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5636.html", + "http://linux.oracle.com/errata/ELSA-2016-2586.html", + 
"http://rhn.redhat.com/errata/RHSA-2016-2586.html", + "http://www.openwall.com/lists/oss-security/2016/06/15/15", + "http://www.openwall.com/lists/oss-security/2016/06/16/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91247", + "http://www.securitytracker.com/id/1038138", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://bugs.python.org/issue26171", + "https://bugs.python.org/msg278228", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", + "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", + "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://security.gentoo.org/glsa/201701-18", + "https://usn.ubuntu.com/usn/usn-3134-1" + ], + "PublishedDate": "2016-09-02T14:59:00Z", + "LastModifiedDate": "2019-02-09T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", + "Title": "python: DOS via regular expression catastrophic 
backtracking in apop() method in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1060.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-06-18T14:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": 
"2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "FixedVersion": "2.6.6-68.el6_10", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + 
"https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + 
"https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + 
"https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + 
"https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9365", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", + "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", + "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 4.7 + } + }, + "References": [ + "http://bugs.python.org/issue22417", + "http://linux.oracle.com/cve/CVE-2014-9365.html", + "http://linux.oracle.com/errata/ELSA-2017-1868.html", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://seclists.org/oss-sec/2014/q4/1022", + "http://www.openwall.com/lists/oss-security/2014/12/11/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "http://www.securityfocus.com/bid/71639", + "https://access.redhat.com/errata/RHSA-2016:1166", + "https://access.redhat.com/errata/RHSA-2017:1162", + "https://access.redhat.com/errata/RHSA-2017:1868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", + "https://security.gentoo.org/glsa/201503-10", + "https://support.apple.com/kb/HT205031", + "https://www.python.org/dev/peps/pep-0476/", + "https://www.python.org/downloads/release/python-279/" + ], + "PublishedDate": "2014-12-12T11:59:00Z", + "LastModifiedDate": 
"2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", + "https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-1061", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1061.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-06-19T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 
supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2010-3492", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", + "Title": "python accept() implementation in async core is broken", + "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes 
it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue6706", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", + "http://www.openwall.com/lists/oss-security/2010/09/09/6", + "http://www.openwall.com/lists/oss-security/2010/09/11/2", + "http://www.openwall.com/lists/oss-security/2010/09/22/3", + "http://www.openwall.com/lists/oss-security/2010/09/24/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" + ], + "PublishedDate": "2010-10-19T20:00:00Z", + "LastModifiedDate": "2019-10-29T00:56:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5636", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", + "Title": "python: Heap overflow in zipimporter module", + "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.4, + "V3Score": 4.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5636.html", + "http://linux.oracle.com/errata/ELSA-2016-2586.html", + "http://rhn.redhat.com/errata/RHSA-2016-2586.html", + "http://www.openwall.com/lists/oss-security/2016/06/15/15", + "http://www.openwall.com/lists/oss-security/2016/06/16/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91247", + "http://www.securitytracker.com/id/1038138", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://bugs.python.org/issue26171", + "https://bugs.python.org/msg278228", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", + "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", + "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://security.gentoo.org/glsa/201701-18", + "https://usn.ubuntu.com/usn/usn-3134-1" + ], + "PublishedDate": "2016-09-02T14:59:00Z", + "LastModifiedDate": "2019-02-09T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. 
The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", + "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1060.html", + "http://linux.oracle.com/errata/ELSA-2018-3041.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-06-18T14:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-66.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + 
"https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-2524", + "PkgName": "readline", + "InstalledVersion": "6.0-4.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2524", + "Title": "readline: insecure temporary file use in _rl_tropen()", + "Description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0319.html", + "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", + "http://seclists.org/oss-sec/2014/q1/579", + "http://seclists.org/oss-sec/2014/q1/587", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", + "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524", + "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html" + ], + "PublishedDate": "2014-08-20T14:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7091", + "PkgName": "readline", + "InstalledVersion": "6.0-4.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", + "Title": "sudo: Possible info leak via INPUTRC", + "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.9, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V2Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7091.html", + "http://linux.oracle.com/errata/ELSA-2016-2593.html", + "http://www.securityfocus.com/bid/92615", + "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", + "https://rhn.redhat.com/errata/RHSA-2016-2593.html" + ], + "PublishedDate": "2016-12-22T21:59:00Z", + "LastModifiedDate": "2016-12-23T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-libs", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-libs", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-python", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-python", + "InstalledVersion": "4.8.0-59.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1113", + "PkgName": "setup", + "InstalledVersion": "2.8.14-23.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1113", + "Title": "setup: nologin listed in /etc/shells violates security expectations", + "Description": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. 
Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1113.html", + "http://linux.oracle.com/errata/ELSA-2018-3249.html", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3249", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" + ], + "PublishedDate": "2018-07-03T01:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "shadow-utils", + "InstalledVersion": "2:4.1.5.1-5.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": 
"2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7000", + "PkgName": "sqlite", + "InstalledVersion": "3.6.20-1.el6_7.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", + "Title": "chromium-browser: pointer disclosure in sqlite", + "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98767", + "http://www.securityfocus.com/bid/99950", + "https://access.redhat.com/errata/RHSA-2017:1833", + "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", + "https://security.gentoo.org/glsa/201709-15", + "https://support.apple.com/HT207797", + "https://support.apple.com/HT207798", + "https://www.debian.org/security/2017/dsa-3926", + "https://www.sqlite.org/bindptr.html" + ], + "PublishedDate": "2018-04-03T06:29:00Z", + "LastModifiedDate": "2018-04-27T18:00:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6153", + "PkgName": "sqlite", + "InstalledVersion": "3.6.20-1.el6_7.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", + "Title": "sqlite: 
Tempdir selection vulnerability", + "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "V2Score": 1.2, + "V3Score": 2.2 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/07/01/1", + "http://www.openwall.com/lists/oss-security/2016/07/01/2", + "http://www.securityfocus.com/bid/91546", + "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", + "https://www.sqlite.org/releaselog/3_13_0.html", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-09-26T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10989", + "PkgName": "sqlite", + "InstalledVersion": "3.6.20-1.el6_7.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", + "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", + 
"Description": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.securityfocus.com/bid/99502", + "http://www.securitytracker.com/id/1039427", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://sqlite.org/src/info/66de6f4a", + "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-07-07T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13685", + "PkgName": "sqlite", + "InstalledVersion": "3.6.20-1.el6_7.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13685", + "Title": "sqlite: Local DoS via dump_callback function", + "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", + "http://www.securityfocus.com/bid/100521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2017-08-31T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15286", + "PkgName": "sqlite", + "InstalledVersion": "3.6.20-1.el6_7.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", + "Title": "sqlite: NULL pointer dereference in tableColumnList", + "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101285", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", + "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" + ], + "PublishedDate": "2017-10-12T08:29:00Z", + "LastModifiedDate": "2017-10-27T14:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6321", + "PkgName": "tar", + "InstalledVersion": "2:1.23-15.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", + "Title": "tar: Bypassing the extract path name", + "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", + "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", + "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", + "http://seclists.org/fulldisclosure/2016/Oct/102", + "http://seclists.org/fulldisclosure/2016/Oct/96", + "http://www.debian.org/security/2016/dsa-3702", + "http://www.securityfocus.com/bid/93937", + "http://www.ubuntu.com/usn/USN-3132-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", + "https://security.gentoo.org/glsa/201611-19", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", + 
"https://usn.ubuntu.com/usn/usn-3132-1" + ], + "PublishedDate": "2016-12-09T22:59:00Z", + "LastModifiedDate": "2017-07-01T01:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "2:1.23-15.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": 
"CVE-2019-9923", + "PkgName": "tar", + "InstalledVersion": "2:1.23-15.el6_8", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", + "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", + "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://savannah.gnu.org/bugs/?55369", + "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-24T19:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "FixedVersion": "2:7.4.629-5.el6_10.2", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12735.html", + "http://linux.oracle.com/errata/ELSA-2019-1774.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://usn.ubuntu.com/usn/usn-4016-1", + "https://usn.ubuntu.com/usn/usn-4016-2", + "https://www.debian.org/security/2019/dsa-4467" + ], + "PublishedDate": "2019-06-05T14:29:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000382", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", + "Title": "vim: Ignores umask when creating a swap file", + "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=120", + "http://www.openwall.com/lists/oss-security/2017/10/31/1" + ], + "PublishedDate": "2017-10-31T20:29:00Z", + "LastModifiedDate": "2017-11-27T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11109", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", + "Title": "vim: Use-after-free via crafted file", + "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. 
NOTE: there might be a limited number of scenarios in which this has security relevance.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", + "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17087", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", + "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", + "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/11/27/2", + "http://security.cucumberlinux.com/security/details.php?id=166", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", + "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", + "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" + ], + "PublishedDate": "2017-12-01T08:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5953", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", + "Title": "vim: Tree length values not validated properly when handling a spell file", + "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3786", + "http://www.securityfocus.com/bid/96217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", + "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", + "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", + "https://security.gentoo.org/glsa/201706-26", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/usn/usn-4016-1" + 
], + "PublishedDate": "2017-02-10T07:59:00Z", + "LastModifiedDate": "2019-06-11T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6350", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-5.el6_8.1", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", + "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", + "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96448", + "http://www.securitytracker.com/id/1037949", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", + "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", + "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", + "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", + "https://security.gentoo.org/glsa/201706-26" + ], + "PublishedDate": "2017-02-27T07:59:00Z", + "LastModifiedDate": "2018-08-13T21:47:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4035", + "PkgName": "xz-libs", + "InstalledVersion": "4.999.9-0.5.beta.20091007git.el6", + "Layer": { + "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4035", + "Title": "xzgrep: incorrect parsing of filenames containing a 
semicolon", + "Description": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://seclists.org/oss-sec/2015/q2/484", + "http://www.openwall.com/lists/oss-security/2015/05/19/13", + "https://bugzilla.redhat.com/show_bug.cgi?id=1223341", + "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24" + ], + "PublishedDate": "2017-07-25T18:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden index eb0917d52a..cbba834e6c 100644 --- a/integration/testdata/centos-7-ignore-unfixed.json.golden +++ b/integration/testdata/centos-7-ignore-unfixed.json.golden 
@@ -1,4669 +1,4730 @@ -[ - { - "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", - "Class": "os-pkgs", - "Type": "centos", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.11.4-9.P2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. 
This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, 
- "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": 
"elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - 
"http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. 
(This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was 
discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": 
"2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - 
"PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - 
"FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - 
"FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-16.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - "http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - 
"https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - "https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": 
"2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - 
"https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "FixedVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit 
d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. 
The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", 
- "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": 
"python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - 
"https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is 
affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": 
"2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" 
- }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. 
This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "centos", + "Name": "7.6.1810" + }, + "ImageID": 
"sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1", + "DiffIDs": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892", + "created": "2019-03-14T21:19:53.361167852Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-03-14T21:19:52.66982152Z", + "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / " + }, + { + "created": "2019-03-14T21:19:53.099141434Z", + "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305", + "empty_layer": true + }, + { + "created": "2019-03-14T21:19:53.361167852Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ] + }, + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8", + "Labels": { + "org.label-schema.build-date": "20190305", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", + "Class": "os-pkgs", + "Type": "centos", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2018-5743", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "FixedVersion": "32:9.9.4-74.el7_6.1", + "Layer": 
{ + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", + "Title": "bind: Limiting simultaneous TCP clients is ineffective", + "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5743.html", + "http://linux.oracle.com/errata/ELSA-2019-1492.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743", + "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-3956-1", + "https://usn.ubuntu.com/usn/usn-3956-2", + "https://www.synology.com/security/advisory/Synology_SA_19_20" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5741", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + 
"FixedVersion": "32:9.11.4-9.P2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", + "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", + "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5741.html", + "http://linux.oracle.com/errata/ELSA-2019-2057.html", + "http://www.securityfocus.com/bid/105379", + "http://www.securitytracker.com/id/1041674", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", + "https://kb.isc.org/docs/cve-2018-5741", + "https://security.gentoo.org/glsa/201903-13", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" + ], + "PublishedDate": "2019-01-16T20:29:00Z", + "LastModifiedDate": "2019-07-26T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000876", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", + "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", + "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000876.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/106304", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-08-06T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12641", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", + "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", + "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12641.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" + ], + "PublishedDate": "2018-06-22T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12697", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", + "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", + "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12697.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/104538", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, 
+ "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": 
"elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + 
"InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + 
], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libs", + 
"InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], 
+ "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "FixedVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "FixedVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + 
"http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. 
(This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3855", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", + "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3855.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3855.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + 
"LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3856", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", + "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", + "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3856.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + 
"https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3856.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3857", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", + "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3857.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3857.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3863", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", + "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", + "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3863.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3863.html" + ], + "PublishedDate": "2019-03-25T18:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of bounds read flaw was 
discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3858.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://github.com/libssh2/libssh2/pull/316", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": 
"2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3861.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3861.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ], + 
"PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", + "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3862.html", + "http://linux.oracle.com/errata/ELSA-2019-4693.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3862.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": 
"3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": 
"3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + 
"FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": 
"2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + 
"https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": 
"3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": 
"2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + 
"https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + 
"FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": 
"2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + 
"https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + 
"FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": 
"2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + 
"https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + 
"FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": 
"2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5407", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-16.el7_6.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", + "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", + "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5407.html", + "http://linux.oracle.com/errata/ELSA-2019-2125.html", + "http://www.securityfocus.com/bid/105897", + "https://access.redhat.com/errata/RHSA-2019:0483", + "https://access.redhat.com/errata/RHSA-2019:0651", + "https://access.redhat.com/errata/RHSA-2019:0652", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", + "https://eprint.iacr.org/2018/1060.pdf", + "https://github.com/bbbrumley/portsmash", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20181126-0001/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.exploit-db.com/exploits/45785/", + 
"https://www.openssl.org/news/secadv/20181112.txt", + "https://www.openwall.com/lists/oss-security/2018/11/01/4", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-11-15T21:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": 
"2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + 
"https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1122", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-23.el7", + "FixedVersion": "3.3.10-26.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", + "Title": "procps-ng, procps: Local privilege escalation in top", + "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1122.html", + "http://linux.oracle.com/errata/ELSA-2019-2189.html", + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://access.redhat.com/errata/RHSA-2019:2189", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit 
d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. 
The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", 
+ "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": 
"python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": 
"redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + 
"https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is 
affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-5010", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": 
"2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "FixedVersion": "3.7.17-8.el7_7.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" 
+ }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-15686", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", + "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", + "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. 
This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-15686.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://www.securityfocus.com/bid/105747", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", + "https://github.com/systemd/systemd/pull/10519", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", + "https://security.gentoo.org/glsa/201810-10", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://www.exploit-db.com/exploits/45714/" + ], + "PublishedDate": "2018-10-26T14:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16866", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", + "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", + "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16866.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", + "http://seclists.org/fulldisclosure/2019/May/21", + "http://www.openwall.com/lists/oss-security/2019/05/10/4", + "http://www.securityfocus.com/bid/106527", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", + "https://seclists.org/bugtraq/2019/May/25", + "https://security.gentoo.org/glsa/201903-07", + "https://security.netapp.com/advisory/ntap-20190117-0001/", + "https://usn.ubuntu.com/3855-1/", + "https://usn.ubuntu.com/usn/usn-3855-1", + "https://www.debian.org/security/2019/dsa-4367", + "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + ], + "PublishedDate": "2019-01-11T19:29:00Z", + "LastModifiedDate": "2019-05-13T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-15686", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", + "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", + "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
Affected releases are systemd versions up to and including 239.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-15686.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://www.securityfocus.com/bid/105747", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", + "https://github.com/systemd/systemd/pull/10519", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", + "https://security.gentoo.org/glsa/201810-10", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://www.exploit-db.com/exploits/45714/" + ], + "PublishedDate": "2018-10-26T14:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16866", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", + "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", + "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16866.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", + "http://seclists.org/fulldisclosure/2019/May/21", + "http://www.openwall.com/lists/oss-security/2019/05/10/4", + "http://www.securityfocus.com/bid/106527", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", + "https://seclists.org/bugtraq/2019/May/25", + "https://security.gentoo.org/glsa/201903-07", + "https://security.netapp.com/advisory/ntap-20190117-0001/", + "https://usn.ubuntu.com/3855-1/", + "https://usn.ubuntu.com/usn/usn-3855-1", + "https://www.debian.org/security/2019/dsa-4367", + "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + ], + "PublishedDate": "2019-01-11T19:29:00Z", + "LastModifiedDate": "2019-05-13T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "FixedVersion": "2:7.4.160-6.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12735.html", + "http://linux.oracle.com/errata/ELSA-2019-1774.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://usn.ubuntu.com/usn/usn-4016-1", + "https://usn.ubuntu.com/usn/usn-4016-2", + "https://www.debian.org/security/2019/dsa-4467" + ], + "PublishedDate": "2019-06-05T14:29:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/centos-7-low-high.json.golden b/integration/testdata/centos-7-low-high.json.golden index c587950f3e..a25c66cfd9 100644 
--- a/integration/testdata/centos-7-low-high.json.golden
+++ b/integration/testdata/centos-7-low-high.json.golden
@@ -1,2527 +1,2588 @@ -[ - { - "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", - "Class": "os-pkgs", - "Type": "centos", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "centos", + "Name": "7.6.1810" + }, + "ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1", + "DiffIDs": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892", + "created": "2019-03-14T21:19:53.361167852Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-03-14T21:19:52.66982152Z", + "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / " }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. 
Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } + { + "created": "2019-03-14T21:19:53.099141434Z", + "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305", + "empty_layer": true }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" + { + "created": "2019-03-14T21:19:53.361167852Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ] }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by 
libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, 
- "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": 
"elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to 
an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - 
"https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - 
"Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": 
"2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - 
"https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": 
"nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": 
"openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 
2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": 
"HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8", + "Labels": { + 
"org.label-schema.build-date": "20190305", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", + "Class": "os-pkgs", + "Type": "centos", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2018-5743", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "FixedVersion": "32:9.9.4-74.el7_6.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", + "Title": "bind: Limiting simultaneous TCP clients is ineffective", + "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5743.html", + "http://linux.oracle.com/errata/ELSA-2019-1492.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743", + "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-3956-1", + "https://usn.ubuntu.com/usn/usn-3956-2", + "https://www.synology.com/security/advisory/Synology_SA_19_20" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12641", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", + "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", + "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12641.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" + ], + "PublishedDate": "2018-06-22T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12697", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", + "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", + "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12697.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/104538", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, 
+ "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": 
"elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + 
"InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + 
], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libs", + 
"InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], 
+ "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3855", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", + "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to 
an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3855.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + 
"https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3855.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3856", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", + "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", + "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3856.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3856.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3857", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", + "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3857.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3857.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3863", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", + "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", + 
"Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3863.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3863.html" + ], + "PublishedDate": "2019-03-25T18:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": 
"2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + 
"https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": 
"nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": 
"openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 
2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "FixedVersion": "3.7.17-8.el7_7.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": 
"HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "FixedVersion": "2:7.4.160-6.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12735.html", + "http://linux.oracle.com/errata/ELSA-2019-1774.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://usn.ubuntu.com/usn/usn-4016-1", + "https://usn.ubuntu.com/usn/usn-4016-2", + "https://www.debian.org/security/2019/dsa-4467" + ], + "PublishedDate": "2019-06-05T14:29:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden index f36680a4a5..d1fd1c5738 100644 --- a/integration/testdata/centos-7.json.golden 
+++ b/integration/testdata/centos-7.json.golden 
@@ -1,29337 +1,29398 @@ -[ - { - "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", - "Class": "os-pkgs", - "Type": "centos", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.8.4-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6711", - "PkgName": "bash", - "InstalledVersion": "4.2.46-31.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", - "Title": "bash: heap-based buffer overflow during echo of unsupported characters", - "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. 
A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", - "http://www.securityfocus.com/bid/108824", - "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" - ], - "PublishedDate": "2019-06-18T18:15:00Z", - "LastModifiedDate": "2019-06-20T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.2.46-31.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.2.46-31.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.11.4-9.P2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. 
This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6477", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6477", - "Title": "bind: TCP Pipelining doesn't limit TCP clients on a single connection", - "Description": "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. 
When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477", - "https://kb.isc.org/docs/cve-2019-6477", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/", - "https://support.f5.com/csp/article/K15840535?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-4197-1", - "https://www.synology.com/security/advisory/Synology_SA_19_39" - ], - "PublishedDate": "2019-11-26T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:30:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6170", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - 
"https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": 
"2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. 
Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 
- }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9074", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", - "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", - "https://support.f5.com/csp/article/K09092524" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9075", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9075", - "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in 
archive64.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", - "https://support.f5.com/csp/article/K42059040" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - 
"LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - "Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - "Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer 
overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { 
- "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - 
"PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - 
"V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9743", 
- "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - "https://security.gentoo.org/glsa/201801-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": 
"2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": 
{ - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010204", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", - "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", - "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125", - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190822-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17450", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", - "Title": "binutils: denial of service via crafted ELF file", - "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17451", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", - "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - 
"https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - 
"Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", 
- "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14866", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", - "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", - "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", - "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", - "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", - "https://usn.ubuntu.com/usn/usn-4176-1" - ], - "PublishedDate": "2020-01-07T17:15:00Z", - "LastModifiedDate": "2020-01-10T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - 
}, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19906", - "PkgName": "cyrus-sasl-lib", - "InstalledVersion": "2.1.26-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", - "Title": "cyrus-sasl: denial of service in _sasl_add_string function", - "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", - "https://github.com/cyrusimap/cyrus-sasl/issues/587", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", - "https://seclists.org/bugtraq/2019/Dec/42", - "https://usn.ubuntu.com/4256-1/", - "https://usn.ubuntu.com/usn/usn-4256-1", - "https://www.debian.org/security/2019/dsa-4591", - "https://www.openldap.org/its/index.cgi/Incoming?id=9123" - ], - "PublishedDate": "2019-12-19T18:15:00Z", - "LastModifiedDate": "2020-01-30T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect 
of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", 
- "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x 
through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - 
"Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file 
descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message 
containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - 
"https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4484", - "PkgName": "dracut", - "InstalledVersion": "033-554.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", - "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", - "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", - "http://www.openwall.com/lists/oss-security/2016/11/14/13", - "http://www.openwall.com/lists/oss-security/2016/11/15/1", - "http://www.openwall.com/lists/oss-security/2016/11/15/4", - "http://www.openwall.com/lists/oss-security/2016/11/16/6", - "http://www.securityfocus.com/bid/94315", - "https://access.redhat.com/articles/2786581", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", - "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" - ], - "PublishedDate": "2017-01-23T21:59:00Z", - "LastModifiedDate": "2017-01-26T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - 
"PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service 
(double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - 
"http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in 
elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": 
"0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in 
dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - 
"LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in 
elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c 
in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - 
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - 
"References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4472", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", - "Title": "expat: Undefined behavior and pointer overflows", - "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/91528", - "http://www.ubuntu.com/usn/USN-3013-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", - "https://security.gentoo.org/glsa/201701-21", - "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-11-03T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9233", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", - "Title": "expat: Inifinite loop due to invalid XML in external entity", - "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3898", - "http://www.openwall.com/lists/oss-security/2017/06/17/7", - "http://www.securityfocus.com/bid/99276", - "http://www.securitytracker.com/id/1039427", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", - "https://github.com/libexpat/libexpat/blob/master/expat/Changes", - "https://libexpat.github.io/doc/cve-2017-9233/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://support.f5.com/csp/article/K03244804", - "https://usn.ubuntu.com/usn/usn-3356-1", - "https://usn.ubuntu.com/usn/usn-3356-2" - ], - "PublishedDate": "2017-07-25T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20843", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", - "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", - "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", - "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", - "https://github.com/libexpat/libexpat/issues/186", - "https://github.com/libexpat/libexpat/pull/262", - "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", - "https://seclists.org/bugtraq/2019/Jun/39", - "https://security.netapp.com/advisory/ntap-20190703-0001/", - "https://usn.ubuntu.com/4040-1/", - "https://usn.ubuntu.com/4040-2/", - "https://usn.ubuntu.com/usn/usn-4040-1", - "https://usn.ubuntu.com/usn/usn-4040-2", - "https://www.debian.org/security/2019/dsa-4472" - ], - "PublishedDate": "2019-06-24T17:15:00Z", - "LastModifiedDate": "2019-06-26T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15903", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", - "Title": "expat: heap-based buffer over-read via crafted XML input", - "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15903.html", - "http://linux.oracle.com/errata/ELSA-2019-3237.html", - "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", - "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", - "https://github.com/libexpat/libexpat/issues/317", - "https://github.com/libexpat/libexpat/issues/342", - "https://github.com/libexpat/libexpat/pull/318", - "https://seclists.org/bugtraq/2019/Sep/30", - "https://usn.ubuntu.com/4132-1/", - "https://usn.ubuntu.com/4132-2/", - "https://usn.ubuntu.com/usn/usn-4132-1", - "https://usn.ubuntu.com/usn/usn-4132-2", - "https://usn.ubuntu.com/usn/usn-4165-1", - "https://usn.ubuntu.com/usn/usn-4202-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" - ], - "PublishedDate": "2019-09-04T06:15:00Z", - "LastModifiedDate": "2019-09-12T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9620", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", - "Title": "file: limit the number of ELF notes processed", - "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0040.html", - "http://linux.oracle.com/cve/CVE-2014-9620.html", - "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
- "http://mx.gw.com/pipermail/file/2014/001653.html", - "http://mx.gw.com/pipermail/file/2015/001660.html", - "http://rhn.redhat.com/errata/RHSA-2016-0760.html", - "http://www.debian.org/security/2015/dsa-3121", - "http://www.openwall.com/lists/oss-security/2015/01/17/9", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/71715", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", - "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", - "https://security.gentoo.org/glsa/201503-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/usn/usn-3686-1" - ], - "PublishedDate": "2015-01-21T18:59:00Z", - "LastModifiedDate": "2018-06-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { 
- "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2328", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", - "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", - "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2328.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.fortiguard.com/advisory/FG-VD-15-014/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1515", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - 
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - 
"https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8391", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", - "Title": "pcre: inefficient posix character class syntax check (8.38/16)", - "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", - "V2Score": 9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8391.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - 
"https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: 
g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in 
the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { 
- "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13012", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", - "Title": "glib2: insecure permissions for files and directories", - "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). 
Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.", - "Severity": "LOW", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", - "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", - "https://gitlab.gnome.org/GNOME/glib/issues/1658", - "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", - "https://security.netapp.com/advisory/ntap-20190806-0003/", - "https://usn.ubuntu.com/4049-1/", - "https://usn.ubuntu.com/4049-2/", - "https://usn.ubuntu.com/usn/usn-4049-1", - "https://usn.ubuntu.com/usn/usn-4049-2", - "https://usn.ubuntu.com/usn/usn-4049-3", - "https://usn.ubuntu.com/usn/usn-4049-4" - ], - "PublishedDate": "2019-06-28T15:15:00Z", - "LastModifiedDate": "2019-07-29T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc 
or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to 
computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - 
"V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { 
- "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - 
"http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", 
- "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 
- } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the 
LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", 
- "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": 
"2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", 
- "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - "http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.3.2-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - 
"https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - 
"LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15088", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", - "Title": "krb5: Buffer overflow in get_matching_data()", - "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101594", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", - "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", - "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", - "https://github.com/krb5/krb5/pull/707" - ], - "PublishedDate": "2017-11-23T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:24:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - "References": 
[ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": 
"2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", 
- "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - 
"V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb", - "InstalledVersion": "5.3.21-24.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 
- } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb-utils", - "InstalledVersion": "5.3.21-24.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - 
"PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as 
distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: 
Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in 
cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - 
"http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - 
"https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - 
"http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libsmartcols", - "InstalledVersion": 
"2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13115", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", - "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", - "Description": "In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "V2Score": 5.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://blog.semmle.com/libssh2-integer-overflow/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", - "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", - "https://github.com/libssh2/libssh2/pull/350", - "https://libssh2.org/changes.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" - ], - "PublishedDate": "2019-07-16T18:15:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - 
"InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the 
way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": 
"2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in 
demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - 
"https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based 
buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - "https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6003", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", - "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", - "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", - "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", - "https://bugzilla.suse.com/show_bug.cgi?id=1076832", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", - "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2018-01-22T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", 
- "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
- "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - 
"LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - 
], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - 
"PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2-python", - 
"InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", - "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", 
- "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-15.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - "http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "lz4", - "InstalledVersion": "1.7.5-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, 
- { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - 
"http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "centos", + "Name": "7.6.1810" + }, + "ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1", + "DiffIDs": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892", + "created": "2019-03-14T21:19:53.361167852Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-03-14T21:19:52.66982152Z", + "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / " + }, + { + "created": "2019-03-14T21:19:53.099141434Z", + "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305", + 
"empty_layer": true + }, + { + "created": "2019-03-14T21:19:53.361167852Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" ] }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely 
limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter validation 
in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - 
"https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - 
"http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 
and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - 
"https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - 
"https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - 
"InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to 
improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": 
"3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper 
refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key 
Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - 
"https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 
allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13057", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", - "Title": "openldap: Information disclosure issue in slapd component", - "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. 
(It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 3.5, - "V3Score": 4.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9038", - "https://security.netapp.com/advisory/ntap-20190822-0004/", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/?findid=9038", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-08-19T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13565", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", - "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", - "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. 
Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9052", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/index.cgi/?findid=9052", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-09-24T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the 
chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - 
"http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - 
"http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-16.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - 
"http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - "https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - 
"PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - "https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": 
"2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - 
"https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": "openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - 
"Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8380", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", - "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", - "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/77695", - "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1637", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in 
subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8393", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", - "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", - "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - 
"PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6004", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", - "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", - "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96295", - "http://www.securitytracker.com/id/1037850", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://bugs.exim.org/show_bug.cgi?id=2035", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", - "https://security.gentoo.org/glsa/201706-11", - "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" - ], - "PublishedDate": "2017-02-16T11:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7186", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", - "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", - "Description": 
"libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97030", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", - "https://bugs.exim.org/show_bug.cgi?id=2052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", - "https://security.gentoo.org/glsa/201710-09", - "https://security.gentoo.org/glsa/201710-25", - "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" - ], - "PublishedDate": "2017-03-20T00:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the 
/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - "http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when 
processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", 
- "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted 
file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "FixedVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. 
When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - 
"https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 
3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - 
"Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to 
urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability 
exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 
2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", 
- "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to 
exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder 
Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other 
products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers 
to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", 
- "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python 
before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email 
addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url 
passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable 
denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in 
Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": 
"python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.2-10.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5827", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", - "Title": "chromium-browser: out-of-bounds access in SQLite", - "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", - "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", - "https://crbug.com/952406", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-06-27T17:15:00Z", - "LastModifiedDate": "2019-07-25T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-7036", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", - "Title": "sqlite: arbitrary code execution on databases with malformed schema", - "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://support.apple.com/kb/HT204941", - "http://support.apple.com/kb/HT204942", - "http://zerodayinitiative.com/advisories/ZDI-15-570/", - "https://security.gentoo.org/glsa/201612-21" - ], - "PublishedDate": "2015-11-22T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13751", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", - "Title": "sqlite: fts3: improve detection of corrupted records", - "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025465", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13752", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025470", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13753", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", - "Title": "sqlite: fts3: incorrectly removed corruption check", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025471", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19924", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", - "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", - "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", - "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-8457", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", - 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", - "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", - "https://security.netapp.com/advisory/ntap-20190606-0002/", - "https://usn.ubuntu.com/4004-1/", - "https://usn.ubuntu.com/4004-2/", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4004-1", - "https://usn.ubuntu.com/usn/usn-4004-2", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "https://www.sqlite.org/releaselog/3_28_0.html", - "https://www.sqlite.org/src/info/90acdbfce9c08858" - ], - "PublishedDate": "2019-05-30T16:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: Tempdir selection vulnerability", - 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", - 
"Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8740", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", - "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", - "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://www.securityfocus.com/bid/103466", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", - "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" - ], - "PublishedDate": "2018-03-17T00:29:00Z", - "LastModifiedDate": "2019-05-22T03:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-15686", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": 
"systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it 
parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, 
which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - "https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - 
"https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by 
root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - 
"http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - ], - "PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" + "config": { + 
"Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8", + "Labels": { + "org.label-schema.build-date": "20190305", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", + "Class": "os-pkgs", + "Type": "centos", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2015-5186", + "PkgName": "audit-libs", + "InstalledVersion": "2.8.4-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", + "Title": "Audit: log terminal emulator escape sequences handling", + "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/08/13/9", + "http://www.securityfocus.com/bid/76840", + "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", + "https://people.redhat.com/sgrubb/audit/ChangeLog" + ], + "PublishedDate": "2017-09-06T21:29:00Z", + "LastModifiedDate": "2017-09-13T11:17:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6711", + "PkgName": "bash", + "InstalledVersion": "4.2.46-31.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", + "Title": "bash: heap-based buffer overflow during echo of unsupported characters", + "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", + "http://www.securityfocus.com/bid/108824", + "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" + ], + "PublishedDate": "2019-06-18T18:15:00Z", + "LastModifiedDate": "2019-06-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9924", + "PkgName": "bash", + "InstalledVersion": "4.2.46-31.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", + "Title": "bash: BASH_CMD is writable in restricted bash shells", + "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of 
the shell.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", + "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", + "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", + "https://security.netapp.com/advisory/ntap-20190411-0001/", + "https://usn.ubuntu.com/usn/usn-4058-1", + "https://usn.ubuntu.com/usn/usn-4058-2" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.2.46-31.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. 
An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5743", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "FixedVersion": "32:9.9.4-74.el7_6.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", + "Title": "bind: Limiting simultaneous TCP clients is ineffective", + "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. 
Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5743.html", + "http://linux.oracle.com/errata/ELSA-2019-1492.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743", + "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-3956-1", + "https://usn.ubuntu.com/usn/usn-3956-2", + "https://www.synology.com/security/advisory/Synology_SA_19_20" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5741", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "FixedVersion": "32:9.11.4-9.P2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", + "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", + "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. 
Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5741.html", + "http://linux.oracle.com/errata/ELSA-2019-2057.html", + "http://www.securityfocus.com/bid/105379", + "http://www.securitytracker.com/id/1041674", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", + "https://kb.isc.org/docs/cve-2018-5741", + "https://security.gentoo.org/glsa/201903-13", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" + ], + "PublishedDate": "2019-01-16T20:29:00Z", + "LastModifiedDate": "2019-07-26T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6477", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6477", + "Title": "bind: TCP Pipelining doesn't limit TCP clients on a single connection", + "Description": "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining 
enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477", + "https://kb.isc.org/docs/cve-2019-6477", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/", + "https://support.f5.com/csp/article/K15840535?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://usn.ubuntu.com/usn/usn-4197-1", + "https://www.synology.com/security/advisory/Synology_SA_19_39" + ], + "PublishedDate": "2019-11-26T16:15:00Z", + "LastModifiedDate": "2019-12-18T18:30:00Z" + }, + { + "VulnerabilityID": "CVE-2013-5661", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", + "Title": "DNS response rate limiting can simplify cache poisoning attacks", + "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", + "Severity": "LOW", + "CweIDs": [ + "CWE-290" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + 
}, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", + "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", + "https://security-tracker.debian.org/tracker/CVE-2013-5661" + ], + "PublishedDate": "2019-11-05T19:15:00Z", + "LastModifiedDate": "2019-11-08T19:04:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6170", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", + "Title": "bind: Improper restriction of zone size limit", + "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/06/3", + "http://www.securityfocus.com/bid/91611", + "http://www.securitytracker.com/id/1036241", + "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", + "https://github.com/sischkg/xfer-limit/blob/master/README.md", + "https://kb.isc.org/article/AA-01390", + 
"https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", + "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", + "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", + "https://security.gentoo.org/glsa/201610-07" + ], + "PublishedDate": "2016-07-06T14:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5745", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", + "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", + "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V2Score": 3.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5745.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6465", + "PkgName": "bind-license", + "InstalledVersion": "32:9.9.4-73.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", + "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", + "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-6465.html", + "http://linux.oracle.com/errata/ELSA-2019-3552.html", + "https://access.redhat.com/errata/RHSA-2019:3552", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", + "https://kb.isc.org/docs/cve-2019-6465", + "https://usn.ubuntu.com/usn/usn-3893-1", + "https://usn.ubuntu.com/usn/usn-3893-2" + ], + "PublishedDate": "2019-10-09T16:15:00Z", + "LastModifiedDate": "2019-12-16T16:57:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6965", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", + "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": 
"2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6966", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", + "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000876", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", + "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", + "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. 
Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000876.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/106304", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-08-06T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 
+ }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9074", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", + "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", + "https://support.f5.com/csp/article/K09092524" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-23T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9075", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9075", + "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in 
archive64.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", + "https://support.f5.com/csp/article/K42059040" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-23T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9077", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", + "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", + "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107139", + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", + "https://support.f5.com/csp/article/K00056379" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-24T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9939", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", + "Title": "binutils: buffer overflow in ihex.c", + "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/07/31/6", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", + "https://usn.ubuntu.com/usn/usn-3367-1" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": 
"2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8538", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", + "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", + "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 1.7 + } + }, + "References": [ + "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", + "http://www.openwall.com/lists/oss-security/2015/12/09/2", + "http://www.openwall.com/lists/oss-security/2015/12/10/3", + "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", + "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" + ], + "PublishedDate": "2017-06-07T20:29:00Z", + "LastModifiedDate": "2017-06-14T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
+ "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + 
"https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12449", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", + "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", + "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:39:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12451", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", + "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", + "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12452", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", + "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", + "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12453", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", + "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", + "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + 
"LastModifiedDate": "2017-08-07T18:35:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12454", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", + "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", + "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12455", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", + "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", + "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12456", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", + "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", + "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12457", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", + "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", + "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12458", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", + "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", + "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T14:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12799", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", + "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", + "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" + ], + "PublishedDate": "2017-08-10T18:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12967", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", + "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", + "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" + ], + "PublishedDate": "2017-08-19T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13710", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", + "Title": "binutils: NULL pointer dereference in the setup_group function", + "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100499", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" + ], + "PublishedDate": "2017-08-27T16:29:00Z", + "LastModifiedDate": "2017-08-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" + ], + "PublishedDate": "2017-08-28T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13757", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", + "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100532", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" + ], + "PublishedDate": "2017-08-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14128", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", + "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14129", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", + "Title": "binutils: Heap-based buffer over-read in the read_section function", + "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100624", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" + ], + 
"PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14130", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", + "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", + "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100625", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14529", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", + "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", + "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" + ], + "PublishedDate": "2017-09-18T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14729", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", + "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" + ], + "PublishedDate": "2017-09-25T16:29:00Z", + "LastModifiedDate": "2017-09-28T16:51:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14745", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", + "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" + ], + "PublishedDate": "2017-09-26T16:29:00Z", + "LastModifiedDate": "2017-09-29T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14930", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", + "Title": "binutils: Memory leak in decode_line_info", + "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14932", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", + "Title": "binutils: Infinite loop in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14933", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", + "Title": "binutils: Infinite loop in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14934", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", + "Title": "binutils: Infinite loop in process_debug_info", + "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-131", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14938", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", + "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", + "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101212", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14939", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
+ "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101216", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", + "https://www.exploit-db.com/exploits/42970/" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14940", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", + "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", + "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2017-10-03T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14974", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", + "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" + ], + "PublishedDate": "2017-10-02T01:29:00Z", + "LastModifiedDate": "2017-10-05T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15020", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", + "Title": "binutils: Heap-based buffer 
overflow in parse_die", + "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15021", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", + "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", + "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15022", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", + "Title": "binutils: NULL pointer dereference in dwarf2.c", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15023", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", + "Title": "binutils: NULL pointer dereference in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101611", + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15024", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", + "Title": "binutils: Infinite recursion in find_abstract_instance_name", + "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15025", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", + "Title": "binutils: Divide-by-zero in decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:38:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15225", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", + "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", + "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" + ], + "PublishedDate": "2017-10-10T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2017-15938", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", + "Title": "binutils: Invalid memory read in find_abstract_instance_name", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101610", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15939", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", + "Title": "binutils: NULL pointer dereference in the concat_filename", + 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101613", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15996", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", + "Title": "binutils: Excessive memory allocation in elfcomm.c", + "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101608", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" + ], + "PublishedDate": "2017-10-29T17:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16826", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", + "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", + "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16827", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", + "Title": "binutils: Invalid free in the aout_get_external_symbols function", + "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16828", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", + "Title": "binutils: Integer overflow in the display_debug_frames function", + "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16829", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", + "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", + "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16830", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", + "Title": "binutils: Segmentation fault in the print_gnu_property_note function", + "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", + "https://security.gentoo.org/glsa/201811-17", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16831", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", + "Title": "binutils: Integer overflow in coffgen.c", + "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16832", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", + "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", + "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17080", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", + "Title": "binutils: Heap-based buffer over-read in bfd_getl32", + "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" + ], + "PublishedDate": "2017-11-30T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17121", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", + "Title": "binutils: Memory access violation via a crafted COFF binary", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" + ], + 
"PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17122", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", + "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", + "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-14T02:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17123", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", + "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", + "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17124", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", + "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", + "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + 
"V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17125", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", + "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", + "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17126", + 
"PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", + "Title": "binutils: Invalid memory access in the load_debug_section function", + "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-13T19:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6969", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", + "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", + "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/16/8", + "http://www.securityfocus.com/bid/97065", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7209", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", + "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", + "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96994", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": 
"2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7210", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", + "Title": "binutils: Heap-based buffer over-reads in objdump", + "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96992", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7223", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", + "Title": "binutils: Global buffer overflow when attempting to unget EOF character", + "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7224", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", + "Title": "binutils: Invalid write in find_nearest_line function", + "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97277", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7225", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", + "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", + "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97275", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7226", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", + "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", + "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7227", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", + "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", + "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97209", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7299", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", + "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7300", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", + "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": 
"2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7301", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", + "Title": "binutils: Off-by-one error in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97218", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:02:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7302", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", + "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7303", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", + "Title": "binutils: Out-of-bounds read in find_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7304", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", + "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:06:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7614", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", + "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", + "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", + "https://security.gentoo.org/glsa/201709-02" + ], + "PublishedDate": 
"2017-04-09T14:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8392", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", + "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8393", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", + "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8394", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", + "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8395", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", + "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8396", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", + "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8397", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", + "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8398", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", + "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", + "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8421", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", + "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", + "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" + ], + "PublishedDate": "2017-05-02T17:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9038", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", + "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98589", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", + "https://security.gentoo.org/glsa/201709-02", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9039", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", + "Title": "binutils: Memory consumption via many program headers", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98580", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9040", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", + "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", + "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98579", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9041", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", + "Title": "binutils: Heap buffer overflow in the process_mips_specific function", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/98598", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9042", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", + "Title": "binutils: Invalid variable type in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-704" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9043", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + 
"Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", + "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98591", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9044", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", + "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", + "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98587", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9742", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", + "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", + "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99105", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", + "https://www.exploit-db.com/exploits/42203/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9743", 
+ "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", + "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", + "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99106", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9744", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", + "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", + "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99108", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:10:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9745", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", + "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", + "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/99109", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:13:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9746", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", + "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", + "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99117", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", + "https://www.exploit-db.com/exploits/42199/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9747", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", + "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", + "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", + "https://www.exploit-db.com/exploits/42200/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-13T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9748", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", + "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", + "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99110", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", + "https://www.exploit-db.com/exploits/42202/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9749", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", + "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", + "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99113", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", + "https://security.gentoo.org/glsa/201801-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", + "https://www.exploit-db.com/exploits/42201/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9750", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", + "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", + "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99118", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", + "https://www.exploit-db.com/exploits/42198/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9751", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", + "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", + "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9752", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", + "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", + "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9753", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", + "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", + "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": 
"2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9754", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", + "Title": "binutils: Stack-based buffer over-read in process_otr function", + "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:21:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9755", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", + "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", + "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99124", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9756", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", + "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", + "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + 
"V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", + "https://www.exploit-db.com/exploits/42204/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9954", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", + "Title": "binutils: stack-based buffer over-read in getvalue function", + "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99307", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9955", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", + "Title": "binutils: heap buffer over-read in get_build_id function", + "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99573", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12641", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", + "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", + "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12641.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" + ], + "PublishedDate": "2018-06-22T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12697", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "FixedVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", + "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", + "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-12697.html", + "http://linux.oracle.com/errata/ELSA-2019-2075.html", + "http://www.securityfocus.com/bid/104538", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12698", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", + "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", + "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104539", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12699", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", + "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", + "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104540", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12700", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", + "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", + "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104541", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12934", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", + "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", + "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" + ], + "PublishedDate": "2018-06-28T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17794", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", + "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" + ], + "PublishedDate": "2018-09-30T20:29:00Z", + "LastModifiedDate": "2018-11-28T15:06:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17985", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", + "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" + ], + "PublishedDate": "2018-10-04T23:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18483", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", + "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", + "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105689", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18484", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", + "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18605", + "PkgName": "binutils", + "InstalledVersion": 
"2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", + "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", + "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18606", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", + "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", + "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18607", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", + "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", + "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18700", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", + "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18701", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", + "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19932", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", + "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" + ], + "PublishedDate": "2018-12-07T07:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20002", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", + "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", + "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106142", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2018-12-10T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6323", + "PkgName": "binutils", + 
"InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", + "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", + "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/102821", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", + "https://www.exploit-db.com/exploits/44035/" + ], + "PublishedDate": "2018-01-26T08:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6759", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", + "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", + "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103030", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" + ], + "PublishedDate": "2018-02-06T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6872", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", + "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", + "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": 
{ + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" + ], + "PublishedDate": "2018-02-09T06:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010204", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", + "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", + "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125", + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190822-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17450", + "PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", + "Title": "binutils: denial of service via crafted ELF file", + "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20191024-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" + ], + "PublishedDate": "2019-10-10T17:15:00Z", + "LastModifiedDate": "2019-10-24T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17451", + 
"PkgName": "binutils", + "InstalledVersion": "2.27-34.base.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", + "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20191024-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" + ], + "PublishedDate": "2019-10-10T17:15:00Z", + "LastModifiedDate": "2019-10-24T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3189", + "PkgName": "bzip2-libs", + "InstalledVersion": "1.0.6-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", + "Title": "bzip2: heap use after free in bzip2recover", + "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/06/20/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91297", + "http://www.securitytracker.com/id/1036132", + "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", + "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", + "https://security.gentoo.org/glsa/201708-08", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-08-22T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12900", + "PkgName": "bzip2-libs", + "InstalledVersion": "1.0.6-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", + "Title": "bzip2: out-of-bounds write in function BZ2_decompress", + "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", + "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", + "https://usn.ubuntu.com/4038-1/", + "https://usn.ubuntu.com/4038-2/", + 
"https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2", + "https://usn.ubuntu.com/usn/usn-4038-3", + "https://usn.ubuntu.com/usn/usn-4038-4", + "https://usn.ubuntu.com/usn/usn-4146-1", + "https://usn.ubuntu.com/usn/usn-4146-2" + ], + "PublishedDate": "2019-06-19T23:15:00Z", + "LastModifiedDate": "2019-06-24T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.22-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils", + "InstalledVersion": "8.22-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + 
"Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9471", + "PkgName": "coreutils", + "InstalledVersion": "8.22-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", + "Title": "coreutils: memory corruption flaw in parse_datetime()", + "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0029.html", + "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", + 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", + "http://secunia.com/advisories/62226", + "http://ubuntu.com/usn/usn-2473-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", + "http://www.openwall.com/lists/oss-security/2014/11/25/1", + "http://www.openwall.com/lists/oss-security/2014/11/25/4", + "http://www.openwall.com/lists/oss-security/2015/01/03/11", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", + "https://security.gentoo.org/glsa/201612-22", + "https://usn.ubuntu.com/usn/usn-2473-1" + ], + "PublishedDate": "2015-01-16T16:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4041", + "PkgName": "coreutils", + "InstalledVersion": "8.22-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", + "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", + "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", 
+ "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4042", + "PkgName": "coreutils", + "InstalledVersion": "8.22-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", + "Title": "coreutils: possible buffer overflow in keycompare_mb()", + "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14866", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", + "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", + "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", + "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", + "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", + "https://usn.ubuntu.com/usn/usn-4176-1" + ], + "PublishedDate": "2020-01-07T17:15:00Z", + "LastModifiedDate": "2020-01-10T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1197", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", + "Title": "cpio: directory traversal through symlinks", + "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0080.html", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", + "http://www.openwall.com/lists/oss-security/2015/01/07/5", + "http://www.openwall.com/lists/oss-security/2015/01/18/7", + "http://www.securityfocus.com/bid/71914", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", + 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2015-02-19T15:59:00Z", + "LastModifiedDate": "2016-12-06T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2037", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", + "Title": "cpio: out of bounds write", + "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 4.3 + } + }, + "References": [ + "http://www.debian.org/security/2016/dsa-3483", + "http://www.openwall.com/lists/oss-security/2016/01/19/4", + "http://www.openwall.com/lists/oss-security/2016/01/22/4", + "http://www.securityfocus.com/bid/82293", + "http://www.securitytracker.com/id/1035067", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2016-02-22T15:59:00Z", + "LastModifiedDate": "2016-12-06T03:07:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib", + "InstalledVersion": "2.9.0-11.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + "PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib-dicts", + "InstalledVersion": "2.9.0-11.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + "PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + "Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8817", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", + "Title": "curl: FTP wildcard out of bounds read", + "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=162", + "http://www.securityfocus.com/bid/102057", + "http://www.securitytracker.com/id/1039897", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_2017-ae72.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", + "https://security.gentoo.org/glsa/201712-04", + "https://usn.ubuntu.com/usn/usn-3498-1", + "https://usn.ubuntu.com/usn/usn-3498-2", + "https://www.debian.org/security/2017/dsa-4051" + ], + "PublishedDate": "2017-11-29T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + "V3Score": 7.3 + 
}, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8621", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8622", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", + "Title": "curl: URL unescape heap overflow via integer truncation", + "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8622.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94105", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", + "https://curl.haxx.se/docs/adv_20161102H.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19906", + "PkgName": "cyrus-sasl-lib", + "InstalledVersion": "2.1.26-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", + "Title": "cyrus-sasl: denial of service in _sasl_add_string function", + "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", + "https://github.com/cyrusimap/cyrus-sasl/issues/587", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", + "https://seclists.org/bugtraq/2019/Dec/42", + "https://usn.ubuntu.com/4256-1/", + "https://usn.ubuntu.com/usn/usn-4256-1", + "https://www.debian.org/security/2019/dsa-4591", + "https://www.openldap.org/its/index.cgi/Incoming?id=9123" + ], + "PublishedDate": "2019-12-19T18:15:00Z", + "LastModifiedDate": "2020-01-30T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12749", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", + "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", + "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 3.6, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12749.html", + "http://linux.oracle.com/errata/ELSA-2019-3707.html", + "http://www.openwall.com/lists/oss-security/2019/06/11/2", + "http://www.securityfocus.com/bid/108751", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", + "https://seclists.org/bugtraq/2019/Jun/16", + "https://usn.ubuntu.com/4015-1/", + "https://usn.ubuntu.com/4015-2/", + "https://usn.ubuntu.com/usn/usn-4015-1", + "https://usn.ubuntu.com/usn/usn-4015-2", + "https://www.debian.org/security/2019/dsa-4462", + "https://www.openwall.com/lists/oss-security/2019/06/11/2" + ], + "PublishedDate": "2019-06-11T17:29:00Z", + "LastModifiedDate": "2019-06-14T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3477", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", + "Title": "dbus: denial of service flaw in dbus-daemon", + "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0266.html", + "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", + "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://seclists.org/oss-sec/2014/q2/509", + "http://secunia.com/advisories/59428", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.securityfocus.com/bid/67986", + "https://bugs.freedesktop.org/show_bug.cgi?id=78979", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-01T17:55:00Z", + "LastModifiedDate": "2015-04-15T02:00:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3532", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", + "Title": "dbus: denial of service in file descriptor passing feature", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect 
of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=80163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3533", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", + "Title": "dbus: denial of service when forwarding invalid file descriptors", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=79694", + "https://bugs.freedesktop.org/show_bug.cgi?id=80469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3635", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", + "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", + "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", 
+ "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=83622", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3636", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", + "Title": "dbus: denial of service by queuing or splitting file descriptors", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=82820", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-10-25T20:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3637", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", + "Title": "dbus: denial of service by creating unkillable D-Bus connections", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.openwall.com/lists/oss-security/2019/06/24/13", + "http://www.openwall.com/lists/oss-security/2019/06/24/14", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80559", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2019-06-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3638", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", + "Title": "dbus: denial of service in method call handling", + "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3639", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", + "Title": "dbus: denial of service flaw in incomplete connection handling", + "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0245", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", + "Title": "dbus: denial of service in dbus systemd activation", + "Description": "D-Bus 1.4.x 
through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0071.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", + "http://www.debian.org/security/2015/dsa-3161", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2015/02/09/6", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", + "https://usn.ubuntu.com/usn/usn-3116-1" + ], + "PublishedDate": "2015-02-13T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12749", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", + "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", + "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 3.6, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12749.html", + "http://linux.oracle.com/errata/ELSA-2019-3707.html", + "http://www.openwall.com/lists/oss-security/2019/06/11/2", + "http://www.securityfocus.com/bid/108751", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", + "https://seclists.org/bugtraq/2019/Jun/16", + "https://usn.ubuntu.com/4015-1/", + "https://usn.ubuntu.com/4015-2/", + "https://usn.ubuntu.com/usn/usn-4015-1", + "https://usn.ubuntu.com/usn/usn-4015-2", + "https://www.debian.org/security/2019/dsa-4462", + "https://www.openwall.com/lists/oss-security/2019/06/11/2" + ], + "PublishedDate": "2019-06-11T17:29:00Z", + "LastModifiedDate": "2019-06-14T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3477", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", + 
"Title": "dbus: denial of service flaw in dbus-daemon", + "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0266.html", + "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", + "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://seclists.org/oss-sec/2014/q2/509", + "http://secunia.com/advisories/59428", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.securityfocus.com/bid/67986", + "https://bugs.freedesktop.org/show_bug.cgi?id=78979", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-01T17:55:00Z", + "LastModifiedDate": "2015-04-15T02:00:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3532", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", + "Title": "dbus: denial of service in file 
descriptor passing feature", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=80163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3533", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", + "Title": "dbus: denial of service when forwarding invalid file descriptors", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message 
containing an invalid file descriptor.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=79694", + "https://bugs.freedesktop.org/show_bug.cgi?id=80469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3635", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", + "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", + "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=83622", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3636", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", + "Title": "dbus: denial of service by queuing or splitting file descriptors", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + 
"http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=82820", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-10-25T20:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3637", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", + "Title": "dbus: denial of service by creating unkillable D-Bus connections", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", + "http://www.openwall.com/lists/oss-security/2019/06/24/14", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2019-06-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3638", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", + "Title": "dbus: denial of service in method call handling", + "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", + 
"https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3639", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", + "Title": "dbus: denial of service flaw in incomplete connection handling", + "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0245", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-12.el7", + "Layer": { + 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", + "Title": "dbus: denial of service in dbus systemd activation", + "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0071.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", + "http://www.debian.org/security/2015/dsa-3161", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2015/02/09/6", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", + "https://usn.ubuntu.com/usn/usn-3116-1" + ], + "PublishedDate": "2015-02-13T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4484", + "PkgName": "dracut", + "InstalledVersion": "033-554.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", + "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", + "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + } + }, + "References": [ + "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", + "http://www.openwall.com/lists/oss-security/2016/11/14/13", + "http://www.openwall.com/lists/oss-security/2016/11/15/1", + "http://www.openwall.com/lists/oss-security/2016/11/15/4", + "http://www.openwall.com/lists/oss-security/2016/11/16/6", + "http://www.securityfocus.com/bid/94315", + "https://access.redhat.com/articles/2786581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", + "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" + ], + "PublishedDate": "2017-01-23T21:59:00Z", + "LastModifiedDate": "2017-01-26T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + 
}, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + 
"PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service 
(double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + 
"http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-libelf", + 
"InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in 
elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + 
"References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-libelf", + "InstalledVersion": 
"0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in 
dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + 
"LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": 
"redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-libs", + 
"InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in 
elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + 
"References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + 
"Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c 
in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": 
"CVE-2018-18520", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + 
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6702", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", + "Title": "expat: Using XML_Parse before rand() results into non-random output", + "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + 
"References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/03/8", + "http://www.openwall.com/lists/oss-security/2016/06/04/1", + "http://www.securityfocus.com/bid/91483", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", + "https://security.gentoo.org/glsa/201701-21", + "https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-18T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2013-0340", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", + "Title": "expat: internal entity expansion", + "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2013/02/22/3", + "http://securitytracker.com/id?1028213", + "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "http://www.osvdb.org/90634", + "http://www.securityfocus.com/bid/58233", + "https://security.gentoo.org/glsa/201701-21" + ], + "PublishedDate": "2014-01-21T18:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2716", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", + "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", + "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-2716.html", + "http://linux.oracle.com/errata/ELSA-2015-1012.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", + "http://rhn.redhat.com/errata/RHSA-2015-0988.html", + "http://rhn.redhat.com/errata/RHSA-2015-1012.html", + "http://www.debian.org/security/2015/dsa-3260", + "http://www.debian.org/security/2015/dsa-3264", + "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/74611", + "http://www.ubuntu.com/usn/USN-2602-1", + "http://www.ubuntu.com/usn/USN-2603-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", + "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", + "https://security.gentoo.org/glsa/201605-06", + "https://usn.ubuntu.com/usn/usn-2602-1", + "https://usn.ubuntu.com/usn/usn-2603-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", + "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2015-05-14T10:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4472", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", + "Title": "expat: Undefined behavior and pointer overflows", + "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/91528", + "http://www.ubuntu.com/usn/USN-3013-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", + "https://security.gentoo.org/glsa/201701-21", + "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-11-03T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5300", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", + "Title": "expat: Little entropy used for hash initialization", + "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/04/4", + "http://www.openwall.com/lists/oss-security/2016/06/04/5", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91159", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", + "https://security.gentoo.org/glsa/201701-21", + "https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-23T12:59:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9233", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", + "Title": "expat: Inifinite loop due to invalid XML in external entity", + "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3898", + "http://www.openwall.com/lists/oss-security/2017/06/17/7", + "http://www.securityfocus.com/bid/99276", + "http://www.securitytracker.com/id/1039427", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", + "https://github.com/libexpat/libexpat/blob/master/expat/Changes", + "https://libexpat.github.io/doc/cve-2017-9233/", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://support.f5.com/csp/article/K03244804", + "https://usn.ubuntu.com/usn/usn-3356-1", + "https://usn.ubuntu.com/usn/usn-3356-2" + ], + "PublishedDate": "2017-07-25T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20843", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", + "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", + "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", + "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", + "https://github.com/libexpat/libexpat/issues/186", + "https://github.com/libexpat/libexpat/pull/262", + "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", + "https://seclists.org/bugtraq/2019/Jun/39", + "https://security.netapp.com/advisory/ntap-20190703-0001/", + "https://usn.ubuntu.com/4040-1/", + "https://usn.ubuntu.com/4040-2/", + "https://usn.ubuntu.com/usn/usn-4040-1", + "https://usn.ubuntu.com/usn/usn-4040-2", + "https://www.debian.org/security/2019/dsa-4472" + ], + "PublishedDate": "2019-06-24T17:15:00Z", + "LastModifiedDate": "2019-06-26T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9063", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", + "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", + "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94337", + "http://www.securitytracker.com/id/1037298", + "http://www.securitytracker.com/id/1039427", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", + "https://usn.ubuntu.com/usn/usn-3124-1", + "https://www.debian.org/security/2017/dsa-3898", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", + "https://www.mozilla.org/security/advisories/mfsa2016-89/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-07-30T18:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15903", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", + "Title": "expat: heap-based buffer over-read via crafted XML input", + "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15903.html", + "http://linux.oracle.com/errata/ELSA-2019-3237.html", + "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", + "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", + "https://github.com/libexpat/libexpat/issues/317", + "https://github.com/libexpat/libexpat/issues/342", + "https://github.com/libexpat/libexpat/pull/318", + "https://seclists.org/bugtraq/2019/Sep/30", + "https://usn.ubuntu.com/4132-1/", + "https://usn.ubuntu.com/4132-2/", + "https://usn.ubuntu.com/usn/usn-4132-1", + "https://usn.ubuntu.com/usn/usn-4132-2", + "https://usn.ubuntu.com/usn/usn-4165-1", + "https://usn.ubuntu.com/usn/usn-4202-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" + ], + "PublishedDate": "2019-09-04T06:15:00Z", + "LastModifiedDate": "2019-09-12T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9620", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", + "Title": "file: limit the number of ELF notes processed", + "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0040.html", + "http://linux.oracle.com/cve/CVE-2014-9620.html", + "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
+ "http://mx.gw.com/pipermail/file/2014/001653.html", + "http://mx.gw.com/pipermail/file/2015/001660.html", + "http://rhn.redhat.com/errata/RHSA-2016-0760.html", + "http://www.debian.org/security/2015/dsa-3121", + "http://www.openwall.com/lists/oss-security/2015/01/17/9", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/71715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", + "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", + "https://security.gentoo.org/glsa/201503-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/usn/usn-3686-1" + ], + "PublishedDate": "2015-01-21T18:59:00Z", + "LastModifiedDate": "2018-06-16T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8865", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", + "Title": "file: Buffer over-write in finfo_open with malformed magic file", + "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.6 + } + }, + "References": [ + "http://bugs.gw.com/view.php?id=522", + 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", + "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://www.debian.org/security/2016/dsa-3560", + "http://www.openwall.com/lists/oss-security/2016/04/11/7", + "http://www.openwall.com/lists/oss-security/2016/04/24/1", + "http://www.php.net/ChangeLog-5.php", + "http://www.php.net/ChangeLog-7.php", + "http://www.securityfocus.com/bid/85802", + "http://www.ubuntu.com/usn/USN-2952-1", + "http://www.ubuntu.com/usn/USN-2952-2", + "https://bugs.php.net/bug.php?id=71527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", + "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201611-22", + "https://security.gentoo.org/glsa/201701-42", + "https://support.apple.com/HT206567", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-2952-1", + "https://usn.ubuntu.com/usn/usn-2984-1", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2016-05-20T10:59:00Z", + "LastModifiedDate": "2018-06-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10360", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", + "Title": "file: out-of-bounds read via a crafted ELF file", + "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", + "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", + "https://security.gentoo.org/glsa/201806-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2018-06-11T10:29:00Z", + "LastModifiedDate": "2019-05-02T14:40:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8385", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", + "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", + "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2015-8385.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85572", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3191", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", + "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", + "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3191.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/84810", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.debian.org/815920", + "https://bugs.debian.org/815921", + "https://bugs.exim.org/show_bug.cgi?id=1791", + "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", + "https://usn.ubuntu.com/usn/usn-2943-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-03-17T23:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2327", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", + "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", + "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { 
+ "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.fortiguard.com/advisory/FG-VD-15-010/", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/74924", + "https://bugs.exim.org/show_bug.cgi?id=1503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", + "https://jira.mongodb.org/browse/SERVER-17252", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2328", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", + "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", + "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-2328.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.fortiguard.com/advisory/FG-VD-15-014/", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/74924", + "https://bugs.exim.org/show_bug.cgi?id=1515", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", + "https://jira.mongodb.org/browse/SERVER-17252", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3217", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", + "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", + "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3217.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", + 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/03/7", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75018", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1638", + "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5073", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", + "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", + "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5073.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", + 
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/26/1", + "http://www.openwall.com/lists/oss-security/2015/06/26/3", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75430", + "http://www.securitytracker.com/id/1033154", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1651", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2694-1", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8387", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + 
"http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8388", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", + "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", + "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-185" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8388.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85576", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + 
"https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8391", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", + "Title": "pcre: inefficient posix character class syntax check (8.38/16)", + "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", + "V2Score": 9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8391.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + 
"https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12450", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", + "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", + "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12450.html", + "http://linux.oracle.com/errata/ELSA-2019-3530.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", + "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", + "https://security.netapp.com/advisory/ntap-20190606-0003/", + "https://usn.ubuntu.com/4014-1/", + "https://usn.ubuntu.com/4014-2/", + "https://usn.ubuntu.com/usn/usn-4014-1", + "https://usn.ubuntu.com/usn/usn-4014-2" + ], + "PublishedDate": "2019-05-29T17:29:00Z", + "LastModifiedDate": "2019-06-11T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9633", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", + "Title": "glib: 
g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", + "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107391", + "https://gitlab.gnome.org/GNOME/glib/issues/1649" + ], + "PublishedDate": "2019-03-08T08:29:00Z", + "LastModifiedDate": "2019-03-14T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8386", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", + "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2015-8386.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in 
the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16428", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", + "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", + "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105210", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", + "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", + "https://gitlab.gnome.org/GNOME/glib/issues/1364", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + ], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16429", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { 
+ "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", + "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", + "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", + "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", + "https://gitlab.gnome.org/GNOME/glib/issues/1361", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + ], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13012", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", + "Title": "glib2: insecure permissions for files and directories", + "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). 
Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.", + "Severity": "LOW", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", + "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", + "https://gitlab.gnome.org/GNOME/glib/issues/1658", + "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", + "https://security.netapp.com/advisory/ntap-20190806-0003/", + "https://usn.ubuntu.com/4049-1/", + "https://usn.ubuntu.com/4049-2/", + "https://usn.ubuntu.com/usn/usn-4049-1", + "https://usn.ubuntu.com/usn/usn-4049-2", + "https://usn.ubuntu.com/usn/usn-4049-3", + "https://usn.ubuntu.com/usn/usn-4049-4" + ], + "PublishedDate": "2019-06-28T15:15:00Z", + "LastModifiedDate": "2019-07-29T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc 
or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to 
computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "FixedVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + 
"V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + 
"http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-1010022", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { 
+ "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + 
"http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", 
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 
+ } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the 
LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", 
+ "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "FixedVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": 
"2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + "http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", 
+ "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4617", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", + "Title": "gnupg: infinite loop when decompressing data packets", + "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", + "http://secunia.com/advisories/59213", + "http://secunia.com/advisories/59351", + "http://secunia.com/advisories/59534", + "http://secunia.com/advisories/59578", + "http://www.debian.org/security/2014/dsa-2967", + "http://www.debian.org/security/2014/dsa-2968", + 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "http://www.ubuntu.com/usn/USN-2258-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", + "https://usn.ubuntu.com/usn/usn-2258-1" + ], + "PublishedDate": "2014-06-25T11:19:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1606", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", + "Title": "gnupg2: invalid memory read using a garbled keyring", + "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securitytracker.com/id/1031876", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1607", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", + "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", + "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securityfocus.com/bid/72610", + "http://www.ubuntu.com/usn/usn-2554-1/", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2018-9234", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", + "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", + "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
+ "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 2.2 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", + "https://dev.gnupg.org/T3844", + "https://usn.ubuntu.com/3675-1/", + "https://usn.ubuntu.com/usn/usn-3675-1" + ], + "PublishedDate": "2018-04-04T00:29:00Z", + "LastModifiedDate": "2019-02-27T19:37:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3564", + "PkgName": "gpgme", + "InstalledVersion": "1.3.2-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", + "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", + "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", + "http://seclists.org/oss-sec/2014/q3/266", + "http://www.debian.org/security/2014/dsa-3005", + "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "http://www.osvdb.org/109699", + "http://www.securityfocus.com/bid/68990", + "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", + "https://usn.ubuntu.com/usn/usn-2307-1" + ], + "PublishedDate": "2014-10-20T17:55:00Z", + "LastModifiedDate": "2016-10-18T03:44:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2014-5351", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", + "Title": "krb5: current keys returned when randomizing the keys for a service principal", + "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0477.html", + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", + "http://security.gentoo.org/glsa/glsa-201412-53.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", + "http://www.securityfocus.com/bid/70380", + "http://www.securitytracker.com/id/1031003", + "http://www.ubuntu.com/usn/USN-2498-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", + "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", + "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", + 
"https://usn.ubuntu.com/usn/usn-2498-1" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2020-01-21T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2695", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", + "Title": "krb5: SPNEGO context aliasing bugs", + "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/90687", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", + "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + 
"LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2696", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", + "Title": "krb5: IAKERB context aliasing flaw", + "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.securityfocus.com/bid/90675", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", + "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2697", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", + "Title": "krb5: build_principal() memory flaw", + "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/77581", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", + "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15088", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", + "Title": "krb5: Buffer overflow in get_matching_data()", + "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101594", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", + "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", + "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", + "https://github.com/krb5/krb5/pull/707" + ], + "PublishedDate": "2017-11-23T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:24:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20217", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", + "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", + "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 3.5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", + "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", + "https://security.netapp.com/advisory/ntap-20190416-0006/" + ], + "PublishedDate": "2018-12-26T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11462", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", + "Title": "krb5: Automatic sec context deletion could lead to double-free", + "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": 
[ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", + "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", + "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" + ], + "PublishedDate": "2017-09-13T16:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": 
"2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", 
+ "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0247", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", + "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", + "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0061.html", + "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", + 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.ocert.org/advisories/ocert-2015-002.html", + "http://www.securityfocus.com/archive/1/534633/100/0/threaded", + "http://www.securityfocus.com/bid/72520", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", + "https://security.gentoo.org/glsa/201701-06", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-17T15:59:00Z", + "LastModifiedDate": "2018-10-09T19:55:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1572", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-13.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", + "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", + "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0088.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", + "http://www.securityfocus.com/bid/72709", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", + "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", + "https://security.gentoo.org/glsa/201507-22", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-24T15:59:00Z", + "LastModifiedDate": "2017-11-08T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + "Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], 
+ "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8817", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", + "Title": "curl: FTP wildcard out of bounds read", + "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=162", + "http://www.securityfocus.com/bid/102057", + "http://www.securitytracker.com/id/1039897", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_2017-ae72.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", + "https://security.gentoo.org/glsa/201712-04", + "https://usn.ubuntu.com/usn/usn-3498-1", + "https://usn.ubuntu.com/usn/usn-3498-2", + "https://www.debian.org/security/2017/dsa-4051" + ], + "PublishedDate": "2017-11-29T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + 
"V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8621", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8622", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", + "Title": "curl: URL unescape heap overflow via integer truncation", + "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8622.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94105", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", + "https://curl.haxx.se/docs/adv_20161102H.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14618", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-51.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", + "Title": "curl: NTLM password overflow via integer overflow", + "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14618.html", + "http://linux.oracle.com/errata/ELSA-2019-1880.html", + "http://www.securitytracker.com/id/1041605", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-14618.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", + "https://github.com/curl/curl/issues/2756", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3765-1/", + "https://usn.ubuntu.com/3765-2/", + "https://usn.ubuntu.com/usn/usn-3765-1", + "https://usn.ubuntu.com/usn/usn-3765-2", + "https://www.debian.org/security/2018/dsa-4286" + ], + "PublishedDate": "2018-09-05T19:29:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "FixedVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "libdb", + "InstalledVersion": "5.3.21-24.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 
+ } + }, + "References": [ + "http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + "https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "libdb-utils", + "InstalledVersion": "5.3.21-24.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + "https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + 
"PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as 
distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: 
Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": 
"AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + 
"https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in 
cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5270", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", + "Title": "libgcrypt: ELGAMAL side-channel attack", + "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", + "http://openwall.com/lists/oss-security/2014/08/16/2", + "http://www.cs.tau.ac.il/~tromer/handsoff/", + 
"http://www.debian.org/security/2014/dsa-3024", + "http://www.debian.org/security/2014/dsa-3073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", + "https://usn.ubuntu.com/usn/usn-2339-1", + "https://usn.ubuntu.com/usn/usn-2339-2" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2017-11-04T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7526", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", + "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", + "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99338", + "http://www.securitytracker.com/id/1038915", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", + "https://eprint.iacr.org/2017/627", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", + "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", + "https://usn.ubuntu.com/3733-1/", + "https://usn.ubuntu.com/3733-2/", + "https://usn.ubuntu.com/usn/usn-3347-1", + "https://usn.ubuntu.com/usn/usn-3347-2", + "https://usn.ubuntu.com/usn/usn-3733-1", + "https://usn.ubuntu.com/usn/usn-3733-2", + "https://www.debian.org/security/2017/dsa-3901", + "https://www.debian.org/security/2017/dsa-3960" + ], + "PublishedDate": "2018-07-26T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + 
"https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2059", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", + "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", + "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3578", + "http://www.openwall.com/lists/oss-security/2015/02/23/25", + "http://www.securityfocus.com/bid/72736", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", + "https://github.com/jabberd2/jabberd2/issues/85", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2015-08-12T14:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2015-8948", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", + "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", + "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6261", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", + "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", + "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6262", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", + "Title": "libidn: Out-of-bounds read when reading zero byte as input", + 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6263", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", + "Title": "libidn: Crash when given invalid UTF-8 data on input", + "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2016-11-28T20:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14062", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", + "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", + "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.debian.org/security/2017/dsa-3988", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", + "https://gitlab.com/libidn/libidn2/blob/master/NEWS", + "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", + "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", + "https://usn.ubuntu.com/usn/usn-3421-1", + "https://usn.ubuntu.com/usn/usn-3434-1", + "https://usn.ubuntu.com/usn/usn-3434-2" + ], + "PublishedDate": "2017-08-31T16:29:00Z", + "LastModifiedDate": "2020-02-18T19:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + 
"https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libsmartcols", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + 
"http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libsmartcols", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libsmartcols", + "InstalledVersion": 
"2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3855", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", + "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3855.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3855.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + 
"LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3856", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", + "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", + "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3856.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + 
"https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3856.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3857", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", + "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3857.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3857.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3863", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.2", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", + "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", + "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3863.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3863.html" + ], + "PublishedDate": "2019-03-25T18:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13115", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", + "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", + "Description": "In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://blog.semmle.com/libssh2-integer-overflow/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", + "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", + "https://github.com/libssh2/libssh2/pull/350", + "https://libssh2.org/changes.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" + ], + "PublishedDate": "2019-07-16T18:15:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17498", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", + "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", + "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", + "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", + "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", + "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", + "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", + "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" + ], + "PublishedDate": "2019-10-21T22:15:00Z", + "LastModifiedDate": "2019-11-07T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3858.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://github.com/libssh2/libssh2/pull/316", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3859", + "PkgName": "libssh2", + 
"InstalledVersion": "1.4.3-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", + "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3859.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3860", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", + "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3860.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3860.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3861.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3861.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.el7", + "FixedVersion": "1.4.3-12.el7_6.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", + "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the 
way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3862.html", + "http://linux.oracle.com/errata/ELSA-2019-4693.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3862.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ], + "PublishedDate": 
"2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in 
demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + 
"V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + 
"https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-36.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based 
buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4008", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", + "Title": "libtasn1: infinite loop while parsing DER certificates", + "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + 
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", + "http://www.debian.org/security/2016/dsa-3568", + "http://www.openwall.com/lists/oss-security/2016/04/11/3", + "http://www.ubuntu.com/usn/USN-2957-1", + "http://www.ubuntu.com/usn/USN-2957-2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", + "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", + "https://security.gentoo.org/glsa/201703-05", + "https://usn.ubuntu.com/usn/usn-2957-1", + "https://usn.ubuntu.com/usn/usn-2957-2" + ], + "PublishedDate": "2016-05-05T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6003", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", + "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", + "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", + "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", + "https://bugzilla.suse.com/show_bug.cgi?id=1076832", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", + "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", + "https://usn.ubuntu.com/usn/usn-3547-1", + "https://www.debian.org/security/2018/dsa-4106" + ], + "PublishedDate": "2018-01-22T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10790", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", + "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", + "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/3547-1/", + "https://usn.ubuntu.com/usn/usn-3547-1", + "https://www.debian.org/security/2018/dsa-4106" + ], + "PublishedDate": "2017-07-02T03:29:00Z", + "LastModifiedDate": "2018-03-16T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6891", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", + "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", + "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.debian.org/security/2017/dsa-3861", + "http://www.securityfocus.com/bid/98641", + "http://www.securitytracker.com/id/1038619", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", + "https://secuniaresearch.flexerasoftware.com/advisories/76125/", + "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/usn/usn-3309-1", + "https://usn.ubuntu.com/usn/usn-3309-2" + ], + "PublishedDate": "2017-05-22T19:29:00Z", + "LastModifiedDate": "2019-06-05T15:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000654", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", + "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", + "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.securityfocus.com/bid/105151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", + "https://gitlab.com/gnutls/libtasn1/issues/4" + ], + "PublishedDate": "2018-08-20T19:31:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5131", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", + "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", + "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", + "http://rhn.redhat.com/errata/RHSA-2016-1485.html", + "http://www.debian.org/security/2016/dsa-3637", + "http://www.securityfocus.com/bid/92053", + "http://www.securitytracker.com/id/1036428", + "http://www.securitytracker.com/id/1038623", + "http://www.ubuntu.com/usn/USN-3041-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", + "https://codereview.chromium.org/2127493002", + "https://crbug.com/623378", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "https://security.gentoo.org/glsa/201610-09", + "https://security.gentoo.org/glsa/201701-37", + "https://source.android.com/security/bulletin/2017-05-01", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3041-1", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-07-23T19:59:00Z", 
+ "LastModifiedDate": "2019-03-26T17:14:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15412", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", + "Title": "chromium-browser: use after free in libxml", + "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.securitytracker.com/id/1040348", + "https://access.redhat.com/errata/RHSA-2017:3401", + "https://access.redhat.com/errata/RHSA-2018:0287", + "https://bugzilla.gnome.org/show_bug.cgi?id=783160", + "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "https://crbug.com/727039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", + "https://security.gentoo.org/glsa/201801-03", + "https://usn.ubuntu.com/usn/usn-3513-1", + "https://usn.ubuntu.com/usn/usn-3513-1/", + "https://usn.ubuntu.com/usn/usn-3513-2", + "https://www.debian.org/security/2018/dsa-4086" + ], + "PublishedDate": "2018-08-28T19:29:00Z", + "LastModifiedDate": "2018-10-25T11:35:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8035", + "PkgName": "libxml2", + "InstalledVersion": 
"2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", + "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", + "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", + "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", + "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", + "http://rhn.redhat.com/errata/RHSA-2016-1089.html", + "http://www.debian.org/security/2015/dsa-3430", + "http://www.openwall.com/lists/oss-security/2015/11/02/2", + "http://www.openwall.com/lists/oss-security/2015/11/02/4", + "http://www.openwall.com/lists/oss-security/2015/11/03/1", + "http://www.securityfocus.com/bid/77390", + "http://www.securitytracker.com/id/1034243", + "http://www.ubuntu.com/usn/USN-2812-1", + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=757466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT206166", + "https://support.apple.com/HT206167", + "https://support.apple.com/HT206168", + "https://support.apple.com/HT206169", + "https://usn.ubuntu.com/usn/usn-2812-1" + ], + "PublishedDate": "2015-11-18T16:59:00Z", + "LastModifiedDate": "2019-03-08T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4483", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", + "Title": "libxml2: out-of-bounds read", + "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3593", + "http://www.openwall.com/lists/oss-security/2016/05/03/8", + "http://www.openwall.com/lists/oss-security/2016/05/04/7", + "http://www.openwall.com/lists/oss-security/2016/06/07/4", + "http://www.openwall.com/lists/oss-security/2016/06/07/5", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/90013", + "http://www.securitytracker.com/id/1036348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", + "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", + "https://security.gentoo.org/glsa/201701-37", + "https://usn.ubuntu.com/usn/usn-2994-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9318", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", + "Title": "libxml2: XML External Entity vulnerability", + "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V2Score": 5.8, + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94347", + "https://bugzilla.gnome.org/show_bug.cgi?id=772726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", + "https://github.com/lsh123/xmlsec/issues/43", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2016-11-16T00:59:00Z", + "LastModifiedDate": "2018-08-15T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0663", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", + "Title": "libxml2: Heap buffer overflow in xmlAddID", + "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-06-14T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16932", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", + "Title": "libxml2: Infinite recursion in parameter entities", + "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=759579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", + "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3504-1", + "https://usn.ubuntu.com/usn/usn-3504-1/", + "https://usn.ubuntu.com/usn/usn-3504-2", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7375", + "PkgName": "libxml2", + "InstalledVersion": 
"2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", + "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", + "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", + "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2", + "https://www.debian.org/security/2017/dsa-3952" + ], + "PublishedDate": "2018-02-19T19:29:00Z", + "LastModifiedDate": "2018-03-18T14:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9047", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", + "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", + "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9049", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9050", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98568", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", + "https://github.com/sparklemotion/nokogiri/issues/1673", + "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-1/", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14404", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", + "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", + "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", + "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", + "https://github.com/sparklemotion/nokogiri/issues/1785", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", + "https://gitlab.gnome.org/GNOME/libxml2/issues/10", + "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2018-09-28T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19956", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
+ "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", + "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", + "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", + "https://security.netapp.com/advisory/ntap-20200114-0002/", + "https://usn.ubuntu.com/usn/usn-4274-1" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18258", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", + "Title": "libxml2: denial of service in xz_head function in xzlib.c", + "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.5 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", + "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", + "https://security.netapp.com/advisory/ntap-20190719-0001/", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-04-08T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5969", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", + "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", + "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/11/05/3", + "http://www.openwall.com/lists/oss-security/2017/02/13/1", + "http://www.securityfocus.com/bid/96188", + "https://bugzilla.gnome.org/show_bug.cgi?id=778519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", + "https://security.gentoo.org/glsa/201711-01" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8872", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", + "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", + "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://bugzilla.gnome.org/show_bug.cgi?id=775200", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" + ], + "PublishedDate": "2017-05-10T05:29:00Z", + 
"LastModifiedDate": "2017-05-15T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9048", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", + "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98556", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14567", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", + "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", + "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-08-16T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5131", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", + "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", + "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", + "http://rhn.redhat.com/errata/RHSA-2016-1485.html", + "http://www.debian.org/security/2016/dsa-3637", + "http://www.securityfocus.com/bid/92053", + "http://www.securitytracker.com/id/1036428", + "http://www.securitytracker.com/id/1038623", + "http://www.ubuntu.com/usn/USN-3041-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", + "https://codereview.chromium.org/2127493002", + "https://crbug.com/623378", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "https://security.gentoo.org/glsa/201610-09", + "https://security.gentoo.org/glsa/201701-37", + "https://source.android.com/security/bulletin/2017-05-01", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3041-1", + "https://usn.ubuntu.com/usn/usn-3235-1" + 
], + "PublishedDate": "2016-07-23T19:59:00Z", + "LastModifiedDate": "2019-03-26T17:14:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15412", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", + "Title": "chromium-browser: use after free in libxml", + "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.securitytracker.com/id/1040348", + "https://access.redhat.com/errata/RHSA-2017:3401", + "https://access.redhat.com/errata/RHSA-2018:0287", + "https://bugzilla.gnome.org/show_bug.cgi?id=783160", + "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "https://crbug.com/727039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", + "https://security.gentoo.org/glsa/201801-03", + "https://usn.ubuntu.com/usn/usn-3513-1", + "https://usn.ubuntu.com/usn/usn-3513-1/", + "https://usn.ubuntu.com/usn/usn-3513-2", + "https://www.debian.org/security/2018/dsa-4086" + ], + "PublishedDate": "2018-08-28T19:29:00Z", + "LastModifiedDate": "2018-10-25T11:35:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8035", + 
"PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", + "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", + "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", + "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", + "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", + "http://rhn.redhat.com/errata/RHSA-2016-1089.html", + "http://www.debian.org/security/2015/dsa-3430", + "http://www.openwall.com/lists/oss-security/2015/11/02/2", + "http://www.openwall.com/lists/oss-security/2015/11/02/4", + "http://www.openwall.com/lists/oss-security/2015/11/03/1", + "http://www.securityfocus.com/bid/77390", + "http://www.securitytracker.com/id/1034243", + "http://www.ubuntu.com/usn/USN-2812-1", + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=757466", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT206166", + "https://support.apple.com/HT206167", + "https://support.apple.com/HT206168", + "https://support.apple.com/HT206169", + "https://usn.ubuntu.com/usn/usn-2812-1" + ], + "PublishedDate": "2015-11-18T16:59:00Z", + "LastModifiedDate": "2019-03-08T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4483", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", + "Title": "libxml2: out-of-bounds read", + "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3593", + "http://www.openwall.com/lists/oss-security/2016/05/03/8", + "http://www.openwall.com/lists/oss-security/2016/05/04/7", + "http://www.openwall.com/lists/oss-security/2016/06/07/4", + "http://www.openwall.com/lists/oss-security/2016/06/07/5", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/90013", + "http://www.securitytracker.com/id/1036348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", + "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", + "https://security.gentoo.org/glsa/201701-37", + "https://usn.ubuntu.com/usn/usn-2994-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9318", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", + "Title": "libxml2: XML External Entity vulnerability", + "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V2Score": 5.8, + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94347", + "https://bugzilla.gnome.org/show_bug.cgi?id=772726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", + "https://github.com/lsh123/xmlsec/issues/43", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2016-11-16T00:59:00Z", + "LastModifiedDate": "2018-08-15T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0663", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", + "Title": "libxml2: Heap buffer overflow in xmlAddID", + "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-06-14T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16932", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", + "Title": "libxml2: Infinite recursion in parameter entities", + "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=759579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", + "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3504-1", + "https://usn.ubuntu.com/usn/usn-3504-1/", + "https://usn.ubuntu.com/usn/usn-3504-2", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7375", + "PkgName": "libxml2-python", + 
"InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", + "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", + "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", + "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2", + "https://www.debian.org/security/2017/dsa-3952" + ], + "PublishedDate": "2018-02-19T19:29:00Z", + "LastModifiedDate": "2018-03-18T14:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9047", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + 
"Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", + "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", + "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9049", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9050", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98568", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", + "https://github.com/sparklemotion/nokogiri/issues/1673", + "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-1/", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14404", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", + "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", + "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", + "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", + "https://github.com/sparklemotion/nokogiri/issues/1785", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", + "https://gitlab.gnome.org/GNOME/libxml2/issues/10", + "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2018-09-28T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19956", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", + "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", + "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", + "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", + "https://security.netapp.com/advisory/ntap-20200114-0002/", + "https://usn.ubuntu.com/usn/usn-4274-1" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18258", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", + "Title": "libxml2: denial of service in xz_head function in xzlib.c", + "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.5 + } + }, + 
"References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", + "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", + "https://security.netapp.com/advisory/ntap-20190719-0001/", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-04-08T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5969", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", + "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", + "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/11/05/3", + "http://www.openwall.com/lists/oss-security/2017/02/13/1", + "http://www.securityfocus.com/bid/96188", + "https://bugzilla.gnome.org/show_bug.cgi?id=778519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", + "https://security.gentoo.org/glsa/201711-01" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8872", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", + "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", + "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://bugzilla.gnome.org/show_bug.cgi?id=775200", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" + ], + "PublishedDate": "2017-05-10T05:29:00Z", 
+ "LastModifiedDate": "2017-05-15T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9048", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", + "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98556", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14567", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", + "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", + "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-08-16T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5461", + "PkgName": "lua", + "InstalledVersion": "5.1.4-15.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", + "Title": "lua: overflow flaw in vararg functions", + "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0414.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", + "http://secunia.com/advisories/59890", + "http://secunia.com/advisories/60869", + "http://secunia.com/advisories/61411", + "http://www.debian.org/security/2014/dsa-3015", + "http://www.debian.org/security/2014/dsa-3016", + "http://www.lua.org/bugs.html#5.2.2-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", + "http://www.openwall.com/lists/oss-security/2014/08/21/1", + "http://www.openwall.com/lists/oss-security/2014/08/21/4", + "http://www.openwall.com/lists/oss-security/2014/08/27/2", + "http://www.securityfocus.com/bid/69342", + "http://www.ubuntu.com/usn/USN-2338-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", + "https://security.gentoo.org/glsa/201701-53", + "https://usn.ubuntu.com/usn/usn-2338-1" + ], + "PublishedDate": "2014-09-04T17:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "lz4", + "InstalledVersion": "1.7.5-2.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, 
+ { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1951", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", + "Title": "nspr: Memory allocation issue related to PR_*printf functions", + "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V2Score": 7.5, + "V3Score": 8.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/92385", + "http://www.securitytracker.com/id/1036590", + "http://www.ubuntu.com/usn/USN-3023-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", + 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", + "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", + "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", + "https://usn.ubuntu.com/usn/usn-3023-1", + "https://usn.ubuntu.com/usn/usn-3028-1" + ], + "PublishedDate": "2016-08-07T19:59:00Z", + "LastModifiedDate": "2016-11-28T20:02:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": 
"3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + 
"http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + 
"http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + 
"https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + "https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + "Title": "nss: Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public 
keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to improper 
refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter validation 
in ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "Layer": { + 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + 
"https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + 
"http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + "https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": 
"3.36.0-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 
and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + 
"https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.el7_5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + "http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + 
"https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-sysinit", + 
"InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + 
"https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + 
"Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + "Title": "nss: Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to 
improper refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-tools", + "InstalledVersion": 
"3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + 
"https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + 
"Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + "Title": "nss: Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to improper 
refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key 
Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + 
"https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1546", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", + "Title": "openldap: slapd crash in valueReturnFilter cleanup", + "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 
allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", + "http://secunia.com/advisories/62787", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", + "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", + "http://www.openldap.org/its/?findid=8046", + "http://www.openwall.com/lists/oss-security/2015/02/07/3", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", + "https://support.apple.com/HT204659" + ], + "PublishedDate": "2015-02-12T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13057", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", + "Title": "openldap: Information disclosure issue in slapd component", + "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. 
(It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 3.5, + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", + "https://openldap.org/its/?findid=9038", + "https://security.netapp.com/advisory/ntap-20190822-0004/", + "https://usn.ubuntu.com/4078-1/", + "https://usn.ubuntu.com/4078-2/", + "https://usn.ubuntu.com/usn/usn-4078-1", + "https://usn.ubuntu.com/usn/usn-4078-2", + "https://www.openldap.org/its/?findid=9038", + "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" + ], + "PublishedDate": "2019-07-26T13:15:00Z", + "LastModifiedDate": "2019-08-19T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13565", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", + "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", + "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. 
Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", + "https://openldap.org/its/?findid=9052", + "https://usn.ubuntu.com/4078-1/", + "https://usn.ubuntu.com/4078-2/", + "https://usn.ubuntu.com/usn/usn-4078-1", + "https://usn.ubuntu.com/usn/usn-4078-2", + "https://www.openldap.org/its/index.cgi/?findid=9052", + "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" + ], + "PublishedDate": "2019-07-26T13:15:00Z", + "LastModifiedDate": "2019-09-24T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4984", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", + "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", + "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the 
chmod to protect it.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 2.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" + ], + "PublishedDate": "2017-07-17T13:18:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + 
"http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + 
"http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2018-5407", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-16.el7_6.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", + "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", + "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-5407.html", + 
"http://linux.oracle.com/errata/ELSA-2019-2125.html", + "http://www.securityfocus.com/bid/105897", + "https://access.redhat.com/errata/RHSA-2019:0483", + "https://access.redhat.com/errata/RHSA-2019:0651", + "https://access.redhat.com/errata/RHSA-2019:0652", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", + "https://eprint.iacr.org/2018/1060.pdf", + "https://github.com/bbbrumley/portsmash", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20181126-0001/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.exploit-db.com/exploits/45785/", + "https://www.openssl.org/news/secadv/20181112.txt", + "https://www.openwall.com/lists/oss-security/2018/11/01/4", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-11-15T21:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + 
"PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": 
"2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + 
"https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0735", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", + "Title": "openssl: timing side channel attack in the ECDSA signature generation", + "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0735.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://www.securityfocus.com/bid/105750", + "http://www.securitytracker.com/id/1041986", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.openssl.org/news/secadv/20181029.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2018-10-29T13:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + 
"Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2015-8380", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", + "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", + "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/77695", + "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.exim.org/show_bug.cgi?id=1637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8387", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in 
subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + 
"Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8393", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", + "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", + "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + 
"http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + 
"PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6004", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", + "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", + "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96295", + "http://www.securitytracker.com/id/1037850", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://bugs.exim.org/show_bug.cgi?id=2035", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", + "https://security.gentoo.org/glsa/201706-11", + "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" + ], + "PublishedDate": "2017-02-16T11:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7186", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", + "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", + "Description": 
"libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97030", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", + "https://bugs.exim.org/show_bug.cgi?id=2052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", + "https://security.gentoo.org/glsa/201710-09", + "https://security.gentoo.org/glsa/201710-25", + "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" + ], + "PublishedDate": "2017-03-20T00:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8382", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", + "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", + "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the 
/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V2Score": 6.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", + "http://www.openwall.com/lists/oss-security/2015/08/04/2", + "http://www.openwall.com/lists/oss-security/2015/08/04/3", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/76157", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.exim.org/show_bug.cgi?id=1537", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2016-12-28T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when 
processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", 
+ "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted 
file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1122", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-23.el7", + "FixedVersion": "3.3.10-26.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", + "Title": "procps-ng, procps: Local privilege escalation in top", + "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1122.html", + "http://linux.oracle.com/errata/ELSA-2019-2189.html", + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://access.redhat.com/errata/RHSA-2019:2189", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1121", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", + "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", + "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", + "https://security.gentoo.org/glsa/201805-14", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-06-13T20:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1123", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", + "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", + "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1125", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-23.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", + "Title": "procps-ng, procps: stack buffer overflow in pgrep", + "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. 
When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + "https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", + 
"https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 
3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + 
"Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url passed to 
urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability 
exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 
2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python", 
+ "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-80.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to 
exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-10160.html", + "http://linux.oracle.com/errata/ELSA-2019-1587.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://access.redhat.com/errata/RHSA-2019:1700", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/", + "https://usn.ubuntu.com/4127-1/", + "https://usn.ubuntu.com/4127-2/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-06-07T18:29:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-77.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder 
Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + "https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other 
products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers 
to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", 
+ "https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python 
before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email 
addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url 
passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable 
denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "FixedVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in 
Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": 
"python-libs", + "InstalledVersion": "2.7.5-76.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7091", + "PkgName": "readline", + "InstalledVersion": "6.2-10.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", + "Title": "sudo: Possible info leak via INPUTRC", + "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.9, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V2Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7091.html", + "http://linux.oracle.com/errata/ELSA-2016-2593.html", + "http://www.securityfocus.com/bid/92615", + "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", + "https://rhn.redhat.com/errata/RHSA-2016-2593.html" + ], + "PublishedDate": "2016-12-22T21:59:00Z", + "LastModifiedDate": "2016-12-23T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-build-libs", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-build-libs", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-libs", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-libs", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-python", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-python", + "InstalledVersion": "4.11.3-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "FixedVersion": "3.7.17-8.el7_7.1", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5827", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", + "Title": "chromium-browser: out-of-bounds access in SQLite", + "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", + "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", + "https://crbug.com/952406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-06-27T17:15:00Z", + "LastModifiedDate": "2019-07-25T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-7036", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", + "Title": "sqlite: arbitrary code execution on databases with malformed schema", + "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://support.apple.com/kb/HT204941", + "http://support.apple.com/kb/HT204942", + "http://zerodayinitiative.com/advisories/ZDI-15-570/", + "https://security.gentoo.org/glsa/201612-21" + ], + "PublishedDate": "2015-11-22T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7000", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", + "Title": "chromium-browser: pointer disclosure in sqlite", + "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98767", + "http://www.securityfocus.com/bid/99950", + "https://access.redhat.com/errata/RHSA-2017:1833", + "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", + "https://security.gentoo.org/glsa/201709-15", + "https://support.apple.com/HT207797", + "https://support.apple.com/HT207798", + "https://www.debian.org/security/2017/dsa-3926", + "https://www.sqlite.org/bindptr.html" + ], + "PublishedDate": "2018-04-03T06:29:00Z", + "LastModifiedDate": "2018-04-27T18:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13751", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", + "Title": "sqlite: fts3: improve detection of corrupted records", + "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025465", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13752", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025470", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13753", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", + "Title": "sqlite: fts3: incorrectly removed corruption check", + "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025471", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19603", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", + 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", + "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", + "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2020-02-03T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19645", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", + "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", + "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", + "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-09T16:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-19880", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", + "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", + "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", + "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", + "https://security.netapp.com/advisory/ntap-20200114-0001/" + ], + "PublishedDate": "2019-12-18T06:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19924", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", + "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", + "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", + "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20218", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", + "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", + "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", + "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" + ], + "PublishedDate": "2020-01-02T14:16:00Z", + "LastModifiedDate": "2020-01-16T20:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-8457", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", + 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", + "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", + "https://security.netapp.com/advisory/ntap-20190606-0002/", + "https://usn.ubuntu.com/4004-1/", + "https://usn.ubuntu.com/4004-2/", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4004-1", + "https://usn.ubuntu.com/usn/usn-4004-2", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://www.sqlite.org/releaselog/3_28_0.html", + "https://www.sqlite.org/src/info/90acdbfce9c08858" + ], + "PublishedDate": "2019-05-30T16:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6153", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", + "Title": "sqlite: Tempdir selection vulnerability", + 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "V2Score": 1.2, + "V3Score": 2.2 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/07/01/1", + "http://www.openwall.com/lists/oss-security/2016/07/01/2", + "http://www.securityfocus.com/bid/91546", + "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", + "https://www.sqlite.org/releaselog/3_13_0.html", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-09-26T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10989", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", + "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", + "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.securityfocus.com/bid/99502", + "http://www.securitytracker.com/id/1039427", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://sqlite.org/src/info/66de6f4a", + "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-07-07T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13685", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", + 
"Title": "sqlite: Local DoS via dump_callback function", + "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", + "http://www.securityfocus.com/bid/100521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2017-08-31T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15286", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", + "Title": "sqlite: NULL pointer dereference in tableColumnList", + "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101285", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", + "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" + ], + "PublishedDate": "2017-10-12T08:29:00Z", + "LastModifiedDate": "2017-10-27T14:18:00Z" + }, + { + "VulnerabilityID": "CVE-2018-8740", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", + "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", + "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://www.securityfocus.com/bid/103466", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", + "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" + ], + "PublishedDate": "2018-03-17T00:29:00Z", + "LastModifiedDate": "2019-05-22T03:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19244", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", + "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", + "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", + "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-11-25T20:15:00Z", + "LastModifiedDate": "2019-12-04T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": 
"CVE-2018-15686", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", + "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", + "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-15686.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://www.securityfocus.com/bid/105747", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", + "https://github.com/systemd/systemd/pull/10519", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", + "https://security.gentoo.org/glsa/201810-10", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://www.exploit-db.com/exploits/45714/" + ], + "PublishedDate": "2018-10-26T14:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16866", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", + "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", + "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16866.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", + "http://seclists.org/fulldisclosure/2019/May/21", + "http://www.openwall.com/lists/oss-security/2019/05/10/4", + "http://www.securityfocus.com/bid/106527", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", + "https://seclists.org/bugtraq/2019/May/25", + "https://security.gentoo.org/glsa/201903-07", + "https://security.netapp.com/advisory/ntap-20190117-0001/", + "https://usn.ubuntu.com/3855-1/", + "https://usn.ubuntu.com/usn/usn-3855-1", + "https://www.debian.org/security/2019/dsa-4367", + "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + ], + "PublishedDate": "2019-01-11T19:29:00Z", + "LastModifiedDate": "2019-05-13T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3842", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", + "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", + "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", + "https://usn.ubuntu.com/usn/usn-3938-1", + "https://www.exploit-db.com/exploits/46743/" + ], + "PublishedDate": "2019-04-09T21:29:00Z", + "LastModifiedDate": "2019-05-28T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6349", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", + "Title": "oci-register-machine: information exposure for docker containers", + "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/26/9", + "http://www.openwall.com/lists/oss-security/2016/10/13/7", + "http://www.securityfocus.com/bid/92143", + "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", + "https://github.com/projectatomic/oci-register-machine/pull/22" + ], + "PublishedDate": "2017-03-29T20:59:00Z", + "LastModifiedDate": "2017-04-06T13:33:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": 
"systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-15686", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-15686", + "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", + "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-15686.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://www.securityfocus.com/bid/105747", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", + "https://github.com/systemd/systemd/pull/10519", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", + "https://security.gentoo.org/glsa/201810-10", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://www.exploit-db.com/exploits/45714/" + ], + "PublishedDate": "2018-10-26T14:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16866", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", + "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", + "Description": "An out of bounds read was discovered in systemd-journald in the way it 
parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16866.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", + "http://seclists.org/fulldisclosure/2019/May/21", + "http://www.openwall.com/lists/oss-security/2019/05/10/4", + "http://www.securityfocus.com/bid/106527", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", + "https://seclists.org/bugtraq/2019/May/25", + "https://security.gentoo.org/glsa/201903-07", + "https://security.netapp.com/advisory/ntap-20190117-0001/", + "https://usn.ubuntu.com/3855-1/", + "https://usn.ubuntu.com/usn/usn-3855-1", + "https://www.debian.org/security/2019/dsa-4367", + "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + ], + "PublishedDate": "2019-01-11T19:29:00Z", + "LastModifiedDate": "2019-05-13T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, 
which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3842", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", + "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", + "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", + "https://usn.ubuntu.com/usn/usn-3938-1", + "https://www.exploit-db.com/exploits/46743/" + ], + "PublishedDate": "2019-04-09T21:29:00Z", + "LastModifiedDate": "2019-05-28T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6349", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", + "Title": "oci-register-machine: information exposure for docker containers", + "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/26/9", + "http://www.openwall.com/lists/oss-security/2016/10/13/7", + "http://www.securityfocus.com/bid/92143", + "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", + "https://github.com/projectatomic/oci-register-machine/pull/22" + ], + "PublishedDate": "2017-03-29T20:59:00Z", + "LastModifiedDate": "2017-04-06T13:33:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "FixedVersion": "219-67.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd-libs", + "InstalledVersion": "219-62.el7_6.5", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6321", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", + "Title": "tar: Bypassing the extract path name", + "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", + "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", + 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", + "http://seclists.org/fulldisclosure/2016/Oct/102", + "http://seclists.org/fulldisclosure/2016/Oct/96", + "http://www.debian.org/security/2016/dsa-3702", + "http://www.securityfocus.com/bid/93937", + "http://www.ubuntu.com/usn/USN-3132-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", + "https://security.gentoo.org/glsa/201611-19", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", + "https://usn.ubuntu.com/usn/usn-3132-1" + ], + "PublishedDate": "2016-12-09T22:59:00Z", + "LastModifiedDate": "2017-07-01T01:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9923", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", + "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", + "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://savannah.gnu.org/bugs/?55369", + "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-24T19:02:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": 
"MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-59.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "FixedVersion": "2:7.4.160-6.el7_6", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12735.html", + "http://linux.oracle.com/errata/ELSA-2019-1774.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + 
"https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://usn.ubuntu.com/usn/usn-4016-1", + "https://usn.ubuntu.com/usn/usn-4016-2", + "https://www.debian.org/security/2019/dsa-4467" + ], + "PublishedDate": "2019-06-05T14:29:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000382", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", + "Title": "vim: Ignores umask when creating a swap file", + "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=120", + "http://www.openwall.com/lists/oss-security/2017/10/31/1" + ], + "PublishedDate": "2017-10-31T20:29:00Z", + "LastModifiedDate": "2017-11-27T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11109", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "Layer": { + "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", + "Title": "vim: Use-after-free via crafted file", + "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", + "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17087", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", + "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", + "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by 
root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/11/27/2", + "http://security.cucumberlinux.com/security/details.php?id=166", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", + "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", + "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" + ], + "PublishedDate": "2017-12-01T08:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5953", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", + "Title": "vim: Tree length values not validated properly when handling a spell file", + "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3786", + 
"http://www.securityfocus.com/bid/96217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", + "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", + "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", + "https://security.gentoo.org/glsa/201706-26", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/usn/usn-4016-1" + ], + "PublishedDate": "2017-02-10T07:59:00Z", + "LastModifiedDate": "2019-06-11T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6350", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.160-5.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", + "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", + "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96448", + "http://www.securitytracker.com/id/1037949", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", + "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", + "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", + "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", + "https://security.gentoo.org/glsa/201706-26" + ], + "PublishedDate": "2017-02-27T07:59:00Z", + "LastModifiedDate": "2018-08-13T21:47:00Z" + } + ] + } + ] +} \ 
No newline at end of file
diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden
index 489a0d47ff..b67c6bee0d 100644
--- a/integration/testdata/debian-buster-ignore-unfixed.json.golden
+++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden
@@ -1,728 +1,777 @@ -[ - { - "Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "10.1" + }, + "ImageID": "sha256:c2c03a296d2329a4f3ab72a7bf38b78a8a80108204d326b0139d6af700e152d1", + "DiffIDs": [ + "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "cbb6a20ddb7dedfeee41aeb21e9780f14afbb0f47a6b1ffa514a1822f45d0a51", + "created": "2019-09-11T23:21:51.562946709Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-09-11T23:21:51.123609274Z", + "created_by": "/bin/sh -c #(nop) ADD file:770e381defc5e4a0ba5df52265a96494b9f5d94309234cb3f7bc6b00e1d18f9a in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" + { + "created": "2019-09-11T23:21:51.562946709Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + ] }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" + "config": { + "Cmd": [ + "bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.5-1", - "FixedVersion": "2.0.5-1+deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - 
"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": 
"CVE-2019-17595", - "PkgName": "libncursesw6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "FixedVersion": "241-7~deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - 
"CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": 
"2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "FixedVersion": "241-7~deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" 
- ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function 
in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" + "Image": "sha256:5519bb349f72eef81944da56843c995b1b81ed67c8e7e48ac29dd6c543c1dd2d", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": 
"1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. 
A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.5-1", + "FixedVersion": "2.0.5-1+deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + 
"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": 
"CVE-2019-17595", + "PkgName": "libncursesw6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "FixedVersion": "241-7~deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + 
"CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": 
"2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "FixedVersion": "241-7~deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" 
+ ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function 
in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index 3b7bcfc552..d9423ca494 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden 
@@ -1,3260 +1,3309 @@ -[ - { - "Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2011-3374", - "PkgName": "apt", - "InstalledVersion": "1.8.2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "10.1" + }, + "ImageID": "sha256:c2c03a296d2329a4f3ab72a7bf38b78a8a80108204d326b0139d6af700e152d1", + "DiffIDs": [ + "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "cbb6a20ddb7dedfeee41aeb21e9780f14afbb0f47a6b1ffa514a1822f45d0a51", + "created": "2019-09-11T23:21:51.562946709Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-09-11T23:21:51.123609274Z", + "created_by": "/bin/sh -c #(nop) ADD file:770e381defc5e4a0ba5df52265a96494b9f5d94309234cb3f7bc6b00e1d18f9a in / " }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-347" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2011-3374", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", - "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", - "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "https://snyk.io/vuln/SNYK-LINUX-APT-116518" - ], - "PublishedDate": "2019-11-26T00:15:00Z", - "LastModifiedDate": "2019-12-04T15:35:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "5.0-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "TEMP-0841856-B18BAF", - "PkgName": "bash", - "InstalledVersion": "5.0-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", 
- "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.30-3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.30-3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race 
condition.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "gcc-8-base", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15847", - "PkgName": "gcc-8-base", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", - "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", - "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-331" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" - ], - "PublishedDate": "2019-09-02T23:15:00Z", - "LastModifiedDate": "2019-10-22T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14855", - "PkgName": "gpgv", - "InstalledVersion": "2.2.12-1+deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", - "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", - "Severity": "LOW", - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "https://eprint.iacr.org/2020/014.pdf" + { + "created": "2019-09-11T23:21:51.562946709Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" ] }, - { - "VulnerabilityID": "CVE-2011-3374", - "PkgName": "libapt-pkg5.0", - "InstalledVersion": "1.8.2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master 
keyring, leading to a potential man-in-the-middle attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-347" + "config": { + "Cmd": [ + "bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2011-3374", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", - "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", - "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-11-26T00:15:00Z", - "LastModifiedDate": "2019-12-04T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - 
"http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a 
denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - 
"https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. 
The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc-bin", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX 
limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - 
"V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", 
- "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.28-10", - "Layer": { - "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libgcc1", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": 
{ - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15847", - "PkgName": "libgcc1", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", - "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", - "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-331" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" - ], - "PublishedDate": "2019-09-02T23:15:00Z", - "LastModifiedDate": "2019-10-22T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.4-5", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. 
(The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13627", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.4-5", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", - "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", - "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", - "http://www.openwall.com/lists/oss-security/2019/10/02/2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "https://dev.gnupg.org/T4683", - "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", - "https://minerva.crocs.fi.muni.cz/", - "https://security-tracker.debian.org/tracker/CVE-2019-13627", - "https://usn.ubuntu.com/usn/usn-4236-1", - "https://usn.ubuntu.com/usn/usn-4236-2", - "https://usn.ubuntu.com/usn/usn-4236-3" - ], - "PublishedDate": "2019-09-25T15:15:00Z", - "LastModifiedDate": "2019-10-03T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6829", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.4-5", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829", - "Title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", - "Description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-02-07T23:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "libgnutls30", - "InstalledVersion": "3.6.7-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - "http://www.opera.com/docs/changelogs/windows/1160/", - 
"http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.5-1", - "FixedVersion": "2.0.5-1+deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based 
buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12290", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.5-1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", - "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", - "https://gitlab.com/libidn/libidn2/merge_requests/71", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-22T16:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "liblz4-1", - "InstalledVersion": "1.8.3-1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry 
function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncursesw6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-12", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16231", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-12", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16231", - "Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", - "Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the 
function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html", - "http://seclists.org/fulldisclosure/2018/Dec/33", - "http://www.openwall.com/lists/oss-security/2017/11/01/11", - "http://www.openwall.com/lists/oss-security/2017/11/01/3", - "http://www.openwall.com/lists/oss-security/2017/11/01/7", - "http://www.openwall.com/lists/oss-security/2017/11/01/8", - "http://www.securityfocus.com/bid/101688", - "https://bugs.exim.org/show_bug.cgi?id=2047" - ], - "PublishedDate": "2019-03-21T15:59:00Z", - "LastModifiedDate": "2019-04-02T13:55:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-12", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-12", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9893", - 
"PkgName": "libseccomp2", - "InstalledVersion": "2.3.3-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9893", - "Title": "libseccomp: incorrect generation of syscall filters in libseccomp", - "Description": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9893.html", - "http://linux.oracle.com/errata/ELSA-2019-3624.html", - "http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893", - "https://github.com/seccomp/libseccomp/issues/139", - "https://seclists.org/oss-sec/2019/q1/179", - "https://security.gentoo.org/glsa/201904-18", - "https://usn.ubuntu.com/4001-1/", - "https://usn.ubuntu.com/4001-2/", - "https://usn.ubuntu.com/usn/usn-4001-1", - "https://usn.ubuntu.com/usn/usn-4001-2", - "https://www.openwall.com/lists/oss-security/2019/03/15/1" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-05-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted 
ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.44.5-1+deb10u1", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libstdc++6", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15847", - "PkgName": "libstdc++6", - "InstalledVersion": "8.3.0-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", - "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", - "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-331" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" - ], - "PublishedDate": "2019-09-02T23:15:00Z", - "LastModifiedDate": "2019-10-22T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "HIGH", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "FixedVersion": "241-7~deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libsystemd0", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1-6", - "InstalledVersion": "4.13-3", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo6", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a 
SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "HIGH", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "FixedVersion": "241-7~deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libudev1", - "InstalledVersion": "241-7~deb10u1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2012-2663", - "PkgName": "libxtables12", - "InstalledVersion": "1.8.2-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-2663", - "Title": "iptables: --syn flag bypass", - "Description": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. 
NOTE: the CVE-2012-6638 fix makes this issue less relevant.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2012/05/30/2", - "http://www.spinics.net/lists/netfilter-devel/msg21248.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=826702", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663" - ], - "PublishedDate": "2014-02-15T14:57:00Z", - "LastModifiedDate": "2014-02-18T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11360", - "PkgName": "libxtables12", - "InstalledVersion": "1.8.2-4", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11360", - "Description": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. 
This is related to add_param_to_argv in xshared.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11360", - "https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e", - "https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e (1.8.3)" - ], - "PublishedDate": "2019-07-12T14:15:00Z", - "LastModifiedDate": "2019-07-15T12:33:00Z" - }, - { - "VulnerabilityID": "CVE-2007-5686", - "PkgName": "login", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - } - }, - "References": [ - "http://secunia.com/advisories/27215", - "http://www.securityfocus.com/archive/1/482129/100/100/threaded", - "http://www.securityfocus.com/archive/1/482857/100/0/threaded", - "http://www.securityfocus.com/bid/26048", - "http://www.vupen.com/english/advisories/2007/3474", - "https://issues.rpath.com/browse/RPL-1825" - ], - "PublishedDate": "2007-10-28T17:08:00Z", - "LastModifiedDate": "2018-10-15T21:45:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "login", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "login", - 
"InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19882", - "PkgName": "login", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", - "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Severity": "LOW", - "CweIDs": [ - "CWE-269" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.archlinux.org/task/64836", - "https://bugs.gentoo.org/702252", - "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", - "https://github.com/shadow-maint/shadow/pull/199", - "https://github.com/void-linux/void-packages/pull/17580" - ], - "PublishedDate": "2019-12-18T16:15:00Z", - "LastModifiedDate": "2019-12-30T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0628843-DBAD28", - "PkgName": "login", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": 
"6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": 
"ncurses-bin", - "InstalledVersion": "6.1+20181013-2+deb10u1", - "FixedVersion": "6.1+20181013-2+deb10u2", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2007-5686", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - } - }, - "References": [ - "http://secunia.com/advisories/27215", - "http://www.securityfocus.com/archive/1/482129/100/100/threaded", - "http://www.securityfocus.com/archive/1/482857/100/0/threaded", - "http://www.securityfocus.com/bid/26048", - "http://www.vupen.com/english/advisories/2007/3474", - "https://issues.rpath.com/browse/RPL-1825" - ], - "PublishedDate": "2007-10-28T17:08:00Z", - "LastModifiedDate": "2018-10-15T21:45:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "passwd", - 
"InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19882", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", - "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Severity": "LOW", - "CweIDs": [ - "CWE-269" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.archlinux.org/task/64836", - "https://bugs.gentoo.org/702252", - "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", - "https://github.com/shadow-maint/shadow/pull/199", - "https://github.com/void-linux/void-packages/pull/17580" - ], - "PublishedDate": "2019-12-18T16:15:00Z", - "LastModifiedDate": "2019-12-30T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0628843-DBAD28", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1.1", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2011-4116", - "PkgName": "perl-base", - "InstalledVersion": "5.28.1-6", - "Layer": { - "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", - "Title": "perl: File::Temp insecure temporary file handling", - "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2011/11/04/2", - "http://www.openwall.com/lists/oss-security/2011/11/04/4", - "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", - "https://rt.cpan.org/Public/Bug/Display.html?id=69106", - "https://seclists.org/oss-sec/2011/q4/238" - ], - "PublishedDate": "2020-01-31T18:15:00Z", - "LastModifiedDate": "2020-02-05T22:10:00Z" - }, - { - "VulnerabilityID": "TEMP-0517018-A83CE6", - "PkgName": "sysvinit-utils", - "InstalledVersion": "2.93-8", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2005-2541", - "PkgName": "tar", - "InstalledVersion": "1.30+dfsg-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", - "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - } - }, - "References": [ - "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2" - ], - "PublishedDate": 
"2005-08-10T04:00:00Z", - "LastModifiedDate": "2016-10-18T03:28:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "1.30+dfsg-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0290435-0B57B5", - "PkgName": "tar", - "InstalledVersion": "1.30+dfsg-6", - "Layer": { - "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", - "Severity": "LOW" + "Image": "sha256:5519bb349f72eef81944da56843c995b1b81ed67c8e7e48ac29dd6c543c1dd2d", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { 
+ "VulnerabilityID": "CVE-2011-3374", + "PkgName": "apt", + "InstalledVersion": "1.8.2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2019-12-04T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "TEMP-0841856-B18BAF", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.30-3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils", + "InstalledVersion": "8.30-3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + "Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to 
out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "gcc-8-base", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15847", + "PkgName": "gcc-8-base", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", + "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", + "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-331" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" + ], + "PublishedDate": "2019-09-02T23:15:00Z", + "LastModifiedDate": "2019-10-22T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14855", + "PkgName": "gpgv", + "InstalledVersion": "2.2.12-1+deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", + "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", + "Severity": "LOW", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "https://eprint.iacr.org/2020/014.pdf" + ] + }, + { + "VulnerabilityID": "CVE-2011-3374", + "PkgName": "libapt-pkg5.0", + "InstalledVersion": "1.8.2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2019-12-04T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + 
"PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": 
"debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc-bin", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX 
limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + 
"V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", 
+ "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + "InstalledVersion": "2.28-10", + "Layer": { + "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libgcc1", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": 
{ + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15847", + "PkgName": "libgcc1", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", + "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", + "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-331" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" + ], + "PublishedDate": "2019-09-02T23:15:00Z", + "LastModifiedDate": "2019-10-22T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.4-5", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. 
(The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13627", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.4-5", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", + "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", + "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", + "http://www.openwall.com/lists/oss-security/2019/10/02/2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "https://dev.gnupg.org/T4683", + "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", + "https://minerva.crocs.fi.muni.cz/", + "https://security-tracker.debian.org/tracker/CVE-2019-13627", + "https://usn.ubuntu.com/usn/usn-4236-1", + "https://usn.ubuntu.com/usn/usn-4236-2", + "https://usn.ubuntu.com/usn/usn-4236-3" + ], + "PublishedDate": "2019-09-25T15:15:00Z", + "LastModifiedDate": "2019-10-03T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6829", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.4-5", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829", + "Title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", + "Description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-02-07T23:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgName": "libgnutls30", + "InstalledVersion": "3.6.7-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + 
"http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + "http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://linux.oracle.com/cve/CVE-2011-3389.html", + "http://linux.oracle.com/errata/ELSA-2011-1380.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + "http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + "http://www.opera.com/docs/changelogs/windows/1160/", + 
"http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + "http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://usn.ubuntu.com/usn/usn-1263-1" + ], + "PublishedDate": "2011-09-06T19:55:00Z", + "LastModifiedDate": "2018-10-12T22:01:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.5-1", + "FixedVersion": "2.0.5-1+deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based 
buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12290", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.5-1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", + "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", + "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", + "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", + "https://gitlab.com/libidn/libidn2/merge_requests/71", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-22T16:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "liblz4-1", + "InstalledVersion": "1.8.3-1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry 
function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncursesw6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-12", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16231", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-12", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16231", + "Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", + "Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the 
function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html", + "http://seclists.org/fulldisclosure/2018/Dec/33", + "http://www.openwall.com/lists/oss-security/2017/11/01/11", + "http://www.openwall.com/lists/oss-security/2017/11/01/3", + "http://www.openwall.com/lists/oss-security/2017/11/01/7", + "http://www.openwall.com/lists/oss-security/2017/11/01/8", + "http://www.securityfocus.com/bid/101688", + "https://bugs.exim.org/show_bug.cgi?id=2047" + ], + "PublishedDate": "2019-03-21T15:59:00Z", + "LastModifiedDate": "2019-04-02T13:55:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-12", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-12", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9893", + 
"PkgName": "libseccomp2", + "InstalledVersion": "2.3.3-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9893", + "Title": "libseccomp: incorrect generation of syscall filters in libseccomp", + "Description": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9893.html", + "http://linux.oracle.com/errata/ELSA-2019-3624.html", + "http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893", + "https://github.com/seccomp/libseccomp/issues/139", + "https://seclists.org/oss-sec/2019/q1/179", + "https://security.gentoo.org/glsa/201904-18", + "https://usn.ubuntu.com/4001-1/", + "https://usn.ubuntu.com/4001-2/", + "https://usn.ubuntu.com/usn/usn-4001-1", + "https://usn.ubuntu.com/usn/usn-4001-2", + "https://www.openwall.com/lists/oss-security/2019/03/15/1" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-05-31T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted 
ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.44.5-1+deb10u1", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libstdc++6", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15847", + "PkgName": "libstdc++6", + "InstalledVersion": "8.3.0-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", + "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", + "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-331" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481" + ], + "PublishedDate": "2019-09-02T23:15:00Z", + "LastModifiedDate": "2019-10-22T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "HIGH", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "FixedVersion": "241-7~deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libsystemd0", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000654", + "PkgName": "libtasn1-6", + "InstalledVersion": "4.13-3", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", + "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", + "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.securityfocus.com/bid/105151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", + "https://gitlab.com/gnutls/libtasn1/issues/4" + ], + "PublishedDate": "2018-08-20T19:31:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo6", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a 
SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "HIGH", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "FixedVersion": "241-7~deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libudev1", + "InstalledVersion": "241-7~deb10u1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2012-2663", + "PkgName": "libxtables12", + "InstalledVersion": "1.8.2-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-2663", + "Title": "iptables: --syn flag bypass", + "Description": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. 
NOTE: the CVE-2012-6638 fix makes this issue less relevant.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V2Score": 6.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2012/05/30/2", + "http://www.spinics.net/lists/netfilter-devel/msg21248.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=826702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663" + ], + "PublishedDate": "2014-02-15T14:57:00Z", + "LastModifiedDate": "2014-02-18T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11360", + "PkgName": "libxtables12", + "InstalledVersion": "1.8.2-4", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11360", + "Description": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. 
This is related to add_param_to_argv in xshared.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11360", + "https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e", + "https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e (1.8.3)" + ], + "PublishedDate": "2019-07-12T14:15:00Z", + "LastModifiedDate": "2019-07-15T12:33:00Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgName": "login", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2018-10-15T21:45:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "login", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "login", + 
"InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19882", + "PkgName": "login", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", + "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", + "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", + "Severity": "LOW", + "CweIDs": [ + "CWE-269" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.archlinux.org/task/64836", + "https://bugs.gentoo.org/702252", + "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", + "https://github.com/shadow-maint/shadow/pull/199", + "https://github.com/void-linux/void-packages/pull/17580" + ], + "PublishedDate": "2019-12-18T16:15:00Z", + "LastModifiedDate": "2019-12-30T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgName": "login", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": 
"6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": 
"ncurses-bin", + "InstalledVersion": "6.1+20181013-2+deb10u1", + "FixedVersion": "6.1+20181013-2+deb10u2", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2018-10-15T21:45:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "passwd", + 
"InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19882", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", + "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", + "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", + "Severity": "LOW", + "CweIDs": [ + "CWE-269" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.archlinux.org/task/64836", + "https://bugs.gentoo.org/702252", + "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", + "https://github.com/shadow-maint/shadow/pull/199", + "https://github.com/void-linux/void-packages/pull/17580" + ], + "PublishedDate": "2019-12-18T16:15:00Z", + "LastModifiedDate": "2019-12-30T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1.1", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgName": "perl-base", + "InstalledVersion": "5.28.1-6", + "Layer": { + "DiffID": 
"sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "Title": "perl: File::Temp insecure temporary file handling", + "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238" + ], + "PublishedDate": "2020-01-31T18:15:00Z", + "LastModifiedDate": "2020-02-05T22:10:00Z" + }, + { + "VulnerabilityID": "TEMP-0517018-A83CE6", + "PkgName": "sysvinit-utils", + "InstalledVersion": "2.93-8", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2005-2541", + "PkgName": "tar", + "InstalledVersion": "1.30+dfsg-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", + "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 10 + } + }, + "References": [ + "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2" + ], + "PublishedDate": 
"2005-08-10T04:00:00Z", + "LastModifiedDate": "2016-10-18T03:28:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9923", + "PkgName": "tar", + "InstalledVersion": "1.30+dfsg-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", + "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", + "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://savannah.gnu.org/bugs/?55369", + "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-24T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0290435-0B57B5", + "PkgName": "tar", + "InstalledVersion": "1.30+dfsg-6", + "Layer": { + "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", + "Severity": "LOW" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 516698fd1d..d3811ae050 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden 
@@ -1,5775 +1,5824 @@ -[ - { - "Target": "testdata/fixtures/images/debian-stretch.tar.gz (debian 9.9)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2011-3374", - "PkgName": "apt", - "InstalledVersion": "1.4.9", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/debian-stretch.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "9.9" + }, + "ImageID": "sha256:f26939cc87ef44a6fc554eedd0a976ab30b5bc2769d65d2e986b6c5f1fd4053d", + "DiffIDs": [ + "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "957bc0b73d29f0e1030fec9c63f81d3e81baa610cffcc9c574b14fee6d1821ae", + "created": "2019-08-14T00:24:45.872523599Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-14T00:24:45.612796997Z", + "created_by": "/bin/sh -c #(nop) ADD file:b9b24bd862a79bf6c6e79daf6babca27245063eb52a2f72ffc4fc3494ddd3d48 in / " }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-347" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2011-3374", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", - "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", - "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "https://snyk.io/vuln/SNYK-LINUX-APT-116518" - ], - "PublishedDate": "2019-11-26T00:15:00Z", - "LastModifiedDate": "2019-12-04T15:35:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.4-5", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "TEMP-0841856-B18BAF", - "PkgName": "bash", - "InstalledVersion": "4.4-5", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", 
- "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "bsdutils", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.26-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.26-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fslibs", - "InstalledVersion": "1.43.4-2", - 
"FixedVersion": "1.43.4-2+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fslibs", - "InstalledVersion": "1.43.4-2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.43.4-2", - "FixedVersion": "1.43.4-2+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.43.4-2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "gcc-6-base", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000858", - "PkgName": "gpgv", - "InstalledVersion": "2.1.18-8~deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000858", - "Title": "gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service", - "Description": "GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. 
This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-352" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000858", - "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html", - "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html", - "https://usn.ubuntu.com/3853-1/", - "https://usn.ubuntu.com/usn/usn-3853-1" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-02-13T16:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gpgv", - "InstalledVersion": "2.1.18-8~deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - 
"https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14855", - "PkgName": "gpgv", - "InstalledVersion": "2.1.18-8~deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", - "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", - "Severity": "LOW", - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "https://eprint.iacr.org/2020/014.pdf" + { + "created": "2019-08-14T00:24:45.872523599Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" ] }, - { - "VulnerabilityID": "CVE-2011-3374", - "PkgName": "libapt-pkg5.0", - "InstalledVersion": "1.4.9", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-347" + "config": { + "Cmd": [ + "bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2011-3374", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", - "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", - "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + "Env": [ + 
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-11-26T00:15:00Z", - "LastModifiedDate": "2019-12-04T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid1", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "libbz2-1.0", - "InstalledVersion": "1.0.6-8.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write 
when there are many selectors.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - 
"redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - 
"https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2009-5155", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - 
"Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library 
(aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - 
"http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": 
{ - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - 
"https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses 
alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can 
be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse 
a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 
4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", 
- "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - 
"VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
- "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcomerr2", - "InstalledVersion": "1.43.4-2", - "FixedVersion": "1.43.4-2+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcomerr2", - "InstalledVersion": "1.43.4-2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - 
"References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": 
"2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7148", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7148", - "Title": "elfutils: excessive memory allocation in read_long_names in elf_begin.c in libelf", - "Description": "**DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24085" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-03-29T02:21:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "libelf1", - "InstalledVersion": "0.168-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libfdisk1", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - 
"References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libgcc1", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.7.6-2+deb9u3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13627", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.7.6-2+deb9u3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", - "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", - "Description": "It was 
discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", - "http://www.openwall.com/lists/oss-security/2019/10/02/2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "https://dev.gnupg.org/T4683", - "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", - "https://minerva.crocs.fi.muni.cz/", - "https://security-tracker.debian.org/tracker/CVE-2019-13627", - "https://usn.ubuntu.com/usn/usn-4236-1", - "https://usn.ubuntu.com/usn/usn-4236-2", - "https://usn.ubuntu.com/usn/usn-4236-3" - ], - "PublishedDate": "2019-09-25T15:15:00Z", - "LastModifiedDate": "2019-10-03T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6829", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.7.6-2+deb9u3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829", - "Title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", - "Description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-02-07T23:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "liblz4-1", - "InstalledVersion": "0.0~r131-2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount1", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to 
the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16869", - "PkgName": "libnettle6", - "InstalledVersion": "3.3-1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", - "Title": "nettle: Leaky data conversion exposing a manager oracle", - "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", - "V2Score": 3.3, - "V3Score": 5.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.7 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://www.securityfocus.com/bid/106092", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", - "https://lists.debian.org/debian-lts/2019/03/msg00021.html", - "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" - ], - "PublishedDate": "2018-12-03T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16231", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16231", - "Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", - "Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html", - "http://seclists.org/fulldisclosure/2018/Dec/33", - "http://www.openwall.com/lists/oss-security/2017/11/01/11", - "http://www.openwall.com/lists/oss-security/2017/11/01/3", - "http://www.openwall.com/lists/oss-security/2017/11/01/7", - "http://www.openwall.com/lists/oss-security/2017/11/01/8", - "http://www.securityfocus.com/bid/101688", - "https://bugs.exim.org/show_bug.cgi?id=2047" - ], - "PublishedDate": "2019-03-21T15:59:00Z", - "LastModifiedDate": "2019-04-02T13:55:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" 
- }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-3", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols1", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": 
"2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.43.4-2", - "FixedVersion": "1.43.4-2+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.43.4-2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 
1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libstdc++6", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack 
overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "HIGH", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000082", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000082", - 
"Title": "systemd: fails to parse usernames that start with digits", - "Description": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", - "V3Score": 7.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/07/02/1", - "http://www.securityfocus.com/bid/99507", - "http://www.securitytracker.com/id/1038839", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082", - "https://github.com/systemd/systemd/issues/6237" - ], - "PublishedDate": "2017-07-07T17:29:00Z", - "LastModifiedDate": "2017-07-23T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - 
"redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libsystemd0", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - 
}, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "HIGH", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000082", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000082", - 
"Title": "systemd: fails to parse usernames that start with digits", - "Description": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", - "V3Score": 7.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/07/02/1", - "http://www.securityfocus.com/bid/99507", - "http://www.securitytracker.com/id/1038839", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082", - "https://github.com/systemd/systemd/issues/6237" - ], - "PublishedDate": "2017-07-07T17:29:00Z", - "LastModifiedDate": "2017-07-23T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - 
"redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libudev1", - "InstalledVersion": "232-25+deb9u11", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid1", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12424", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", - "Title": "shadow-utils: Buffer overflow via newusers tool", - "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", - "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", - "https://security.gentoo.org/glsa/201710-16" - ], - "PublishedDate": "2017-08-04T09:29:00Z", - "LastModifiedDate": "2017-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2007-5686", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - 
"SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - } - }, - "References": [ - "http://secunia.com/advisories/27215", - "http://www.securityfocus.com/archive/1/482129/100/100/threaded", - "http://www.securityfocus.com/archive/1/482857/100/0/threaded", - "http://www.securityfocus.com/bid/26048", - "http://www.vupen.com/english/advisories/2007/3474", - "https://issues.rpath.com/browse/RPL-1825" - ], - "PublishedDate": "2007-10-28T17:08:00Z", - "LastModifiedDate": "2018-10-15T21:45:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19882", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", - "Title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. 
This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Severity": "LOW", - "CweIDs": [ - "CWE-269" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.archlinux.org/task/64836", - "https://bugs.gentoo.org/702252", - "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", - "https://github.com/shadow-maint/shadow/pull/199", - "https://github.com/void-linux/void-packages/pull/17580" - ], - "PublishedDate": "2019-12-18T16:15:00Z", - "LastModifiedDate": "2019-12-30T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0628843-DBAD28", - "PkgName": "login", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "mount", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - 
"https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library 
(aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code 
execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary 
characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", 
- "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", 
- "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - 
"Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { 
- "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "multiarch-support", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - 
}, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12424", - "PkgName": "passwd", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", - "Title": "shadow-utils: Buffer overflow via newusers tool", - "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", - "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", - "https://security.gentoo.org/glsa/201710-16" - ], - "PublishedDate": "2017-08-04T09:29:00Z", - "LastModifiedDate": "2017-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2007-5686", - "PkgName": "passwd", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - } - }, - "References": [ - "http://secunia.com/advisories/27215", - "http://www.securityfocus.com/archive/1/482129/100/100/threaded", - "http://www.securityfocus.com/archive/1/482857/100/0/threaded", - "http://www.securityfocus.com/bid/26048", - "http://www.vupen.com/english/advisories/2007/3474", - "https://issues.rpath.com/browse/RPL-1825" - ], - "PublishedDate": "2007-10-28T17:08:00Z", - "LastModifiedDate": "2018-10-15T21:45:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "passwd", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "passwd", - 
"InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19882", - "PkgName": "passwd", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", - "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Severity": "LOW", - "CweIDs": [ - "CWE-269" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.archlinux.org/task/64836", - "https://bugs.gentoo.org/702252", - "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", - "https://github.com/shadow-maint/shadow/pull/199", - "https://github.com/void-linux/void-packages/pull/17580" - ], - "PublishedDate": "2019-12-18T16:15:00Z", - "LastModifiedDate": "2019-12-30T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0628843-DBAD28", - "PkgName": "passwd", - "InstalledVersion": "1:4.4-4.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2011-4116", - "PkgName": "perl-base", - "InstalledVersion": "5.24.1-3+deb9u5", - "Layer": { - "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", - "Title": "perl: File::Temp insecure temporary file handling", - "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2011/11/04/2", - "http://www.openwall.com/lists/oss-security/2011/11/04/4", - "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", - "https://rt.cpan.org/Public/Bug/Display.html?id=69106", - "https://seclists.org/oss-sec/2011/q4/238" - ], - "PublishedDate": "2020-01-31T18:15:00Z", - "LastModifiedDate": "2020-02-05T22:10:00Z" - }, - { - "VulnerabilityID": "TEMP-0517018-A83CE6", - "PkgName": "sysvinit-utils", - "InstalledVersion": "2.88dsf-59.9", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "1.29b-1.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a 
system backup running as root).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2005-2541", - "PkgName": "tar", - "InstalledVersion": "1.29b-1.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", - "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - } - }, - "References": [ - "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2" - ], - "PublishedDate": "2005-08-10T04:00:00Z", - "LastModifiedDate": "2016-10-18T03:28:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "1.29b-1.1", - 
"Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "TEMP-0290435-0B57B5", - "PkgName": "tar", - "InstalledVersion": "1.29b-1.1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", - "Severity": "LOW" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.29.2-1+deb9u1", - "Layer": { - "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, 
which pushes characters to the terminal's input buffer.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" + "Image": "sha256:2ce0e924e5d43d66387e476478ce3c857b1eaae74b5c74693ed47b3502bbdc3e", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/debian-stretch.tar.gz (debian 9.9)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2011-3374", + "PkgName": "apt", + "InstalledVersion": "1.4.9", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + 
"https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2019-12-04T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.4-5", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "TEMP-0841856-B18BAF", + "PkgName": "bash", + "InstalledVersion": "4.4-5", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "bsdutils", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + 
"References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.26-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils", + "InstalledVersion": "8.26-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", 
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + "Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fslibs", + "InstalledVersion": "1.43.4-2", + "FixedVersion": "1.43.4-2+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fslibs", + "InstalledVersion": "1.43.4-2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.43.4-2", + "FixedVersion": "1.43.4-2+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.43.4-2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "gcc-6-base", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + 
], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000858", + "PkgName": "gpgv", + "InstalledVersion": "2.1.18-8~deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000858", + "Title": "gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service", + "Description": "GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. 
This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-352" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000858", + "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html", + "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html", + "https://usn.ubuntu.com/3853-1/", + "https://usn.ubuntu.com/usn/usn-3853-1" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-02-13T16:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-9234", + "PkgName": "gpgv", + "InstalledVersion": "2.1.18-8~deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", + "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", + "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 2.2 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", + "https://dev.gnupg.org/T3844", + "https://usn.ubuntu.com/3675-1/", + 
"https://usn.ubuntu.com/usn/usn-3675-1" + ], + "PublishedDate": "2018-04-04T00:29:00Z", + "LastModifiedDate": "2019-02-27T19:37:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14855", + "PkgName": "gpgv", + "InstalledVersion": "2.1.18-8~deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", + "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", + "Severity": "LOW", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "https://eprint.iacr.org/2020/014.pdf" + ] + }, + { + "VulnerabilityID": "CVE-2011-3374", + "PkgName": "libapt-pkg5.0", + "InstalledVersion": "1.4.9", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2019-12-04T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libblkid1", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12900", + "PkgName": "libbz2-1.0", + "InstalledVersion": "1.0.6-8.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", + "Title": "bzip2: out-of-bounds write in function BZ2_decompress", + "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + 
"https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", + "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", + "https://usn.ubuntu.com/4038-1/", + "https://usn.ubuntu.com/4038-2/", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2", + "https://usn.ubuntu.com/usn/usn-4038-3", + "https://usn.ubuntu.com/usn/usn-4038-4", + "https://usn.ubuntu.com/usn/usn-4146-1", + "https://usn.ubuntu.com/usn/usn-4146-2" + ], + "PublishedDate": "2019-06-19T23:15:00Z", + "LastModifiedDate": "2019-06-24T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + 
"https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc-bin", + 
"InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger 
incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer 
leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address 
followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": 
{ + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + 
"http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + 
"VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc-bin", + "InstalledVersion": 
"2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": 
{ + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + 
"https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses 
alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can 
be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse 
a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 
4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", 
+ "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + 
"VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
+ "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcomerr2", + "InstalledVersion": "1.43.4-2", + "FixedVersion": "1.43.4-2+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcomerr2", + "InstalledVersion": "1.43.4-2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + 
"References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": 
"2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7148", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7148", + "Title": "elfutils: excessive memory allocation in read_long_names in elf_begin.c in libelf", + "Description": "**DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24085" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-03-29T02:21:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "libelf1", + "InstalledVersion": "0.168-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libfdisk1", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + 
"References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libgcc1", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.7.6-2+deb9u3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13627", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.7.6-2+deb9u3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", + "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", + "Description": "It was 
discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", + "http://www.openwall.com/lists/oss-security/2019/10/02/2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "https://dev.gnupg.org/T4683", + "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", + "https://minerva.crocs.fi.muni.cz/", + "https://security-tracker.debian.org/tracker/CVE-2019-13627", + "https://usn.ubuntu.com/usn/usn-4236-1", + "https://usn.ubuntu.com/usn/usn-4236-2", + "https://usn.ubuntu.com/usn/usn-4236-3" + ], + "PublishedDate": "2019-09-25T15:15:00Z", + "LastModifiedDate": "2019-10-03T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6829", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.7.6-2+deb9u3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829", + "Title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", + "Description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-327" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "PublishedDate": "2018-02-07T23:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "liblz4-1", + "InstalledVersion": "0.0~r131-2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libmount1", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to 
the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16869", + "PkgName": "libnettle6", + "InstalledVersion": "3.3-1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", + "Title": "nettle: Leaky data conversion exposing a manager oracle", + "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", + "V2Score": 3.3, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://www.securityfocus.com/bid/106092", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", + "https://lists.debian.org/debian-lts/2019/03/msg00021.html", + "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" + ], + "PublishedDate": "2018-12-03T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16231", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16231", + "Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", + "Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html", + "http://seclists.org/fulldisclosure/2018/Dec/33", + "http://www.openwall.com/lists/oss-security/2017/11/01/11", + "http://www.openwall.com/lists/oss-security/2017/11/01/3", + "http://www.openwall.com/lists/oss-security/2017/11/01/7", + "http://www.openwall.com/lists/oss-security/2017/11/01/8", + "http://www.securityfocus.com/bid/101688", + "https://bugs.exim.org/show_bug.cgi?id=2047" + ], + "PublishedDate": "2019-03-21T15:59:00Z", + "LastModifiedDate": "2019-04-02T13:55:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" 
+ }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-3", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libsmartcols1", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": 
"2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.43.4-2", + "FixedVersion": "1.43.4-2+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.43.4-2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 
1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libstdc++6", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack 
overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "HIGH", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000082", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000082", + 
"Title": "systemd: fails to parse usernames that start with digits", + "Description": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/07/02/1", + "http://www.securityfocus.com/bid/99507", + "http://www.securitytracker.com/id/1038839", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082", + "https://github.com/systemd/systemd/issues/6237" + ], + "PublishedDate": "2017-07-07T17:29:00Z", + "LastModifiedDate": "2017-07-23T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + 
"redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libsystemd0", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + 
}, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "HIGH", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000082", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000082", + 
"Title": "systemd: fails to parse usernames that start with digits", + "Description": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/07/02/1", + "http://www.securityfocus.com/bid/99507", + "http://www.securitytracker.com/id/1038839", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082", + "https://github.com/systemd/systemd/issues/6237" + ], + "PublishedDate": "2017-07-07T17:29:00Z", + "LastModifiedDate": "2017-07-23T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + 
"redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libudev1", + "InstalledVersion": "232-25+deb9u11", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libuuid1", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12424", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", + "Title": "shadow-utils: Buffer overflow via newusers tool", + "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", + "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", + "https://security.gentoo.org/glsa/201710-16" + ], + "PublishedDate": "2017-08-04T09:29:00Z", + "LastModifiedDate": "2017-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2018-10-15T21:45:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19882", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", + "Title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", + "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. 
This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", + "Severity": "LOW", + "CweIDs": [ + "CWE-269" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.archlinux.org/task/64836", + "https://bugs.gentoo.org/702252", + "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", + "https://github.com/shadow-maint/shadow/pull/199", + "https://github.com/void-linux/void-packages/pull/17580" + ], + "PublishedDate": "2019-12-18T16:15:00Z", + "LastModifiedDate": "2019-12-30T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgName": "login", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "mount", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + 
"V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + 
"https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library 
(aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code 
execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary 
characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", 
+ "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", 
+ "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + 
"Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { 
+ "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "multiarch-support", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + 
}, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12424", + "PkgName": "passwd", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", + "Title": "shadow-utils: Buffer overflow via newusers tool", + "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", + "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", + "https://security.gentoo.org/glsa/201710-16" + ], + "PublishedDate": "2017-08-04T09:29:00Z", + "LastModifiedDate": "2017-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgName": "passwd", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2018-10-15T21:45:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "passwd", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "passwd", + 
"InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19882", + "PkgName": "passwd", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", + "Title": "shadow-utils: local users can obtain root access because setuid programs are 
misconfigured", + "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", + "Severity": "LOW", + "CweIDs": [ + "CWE-269" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.archlinux.org/task/64836", + "https://bugs.gentoo.org/702252", + "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", + "https://github.com/shadow-maint/shadow/pull/199", + "https://github.com/void-linux/void-packages/pull/17580" + ], + "PublishedDate": "2019-12-18T16:15:00Z", + "LastModifiedDate": "2019-12-30T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgName": "passwd", + "InstalledVersion": "1:4.4-4.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgName": "perl-base", + "InstalledVersion": "5.24.1-3+deb9u5", + "Layer": { + "DiffID": 
"sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "Title": "perl: File::Temp insecure temporary file handling", + "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238" + ], + "PublishedDate": "2020-01-31T18:15:00Z", + "LastModifiedDate": "2020-02-05T22:10:00Z" + }, + { + "VulnerabilityID": "TEMP-0517018-A83CE6", + "PkgName": "sysvinit-utils", + "InstalledVersion": "2.88dsf-59.9", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "1.29b-1.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a 
system backup running as root).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2005-2541", + "PkgName": "tar", + "InstalledVersion": "1.29b-1.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", + "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 10 + } + }, + "References": [ + "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2" + ], + "PublishedDate": "2005-08-10T04:00:00Z", + "LastModifiedDate": "2016-10-18T03:28:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9923", + "PkgName": "tar", + "InstalledVersion": "1.29b-1.1", + 
"Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", + "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", + "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://savannah.gnu.org/bugs/?55369", + "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-24T19:02:00Z" + }, + { + "VulnerabilityID": "TEMP-0290435-0B57B5", + "PkgName": "tar", + "InstalledVersion": "1.29b-1.1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", + "Severity": "LOW" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "util-linux", + "InstalledVersion": "2.29.2-1+deb9u1", + "Layer": { + "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, 
which pushes characters to the terminal's input buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/distroless-base-ignore-unfixed.json.golden b/integration/testdata/distroless-base-ignore-unfixed.json.golden index 3cdaa60ce6..1b4713122b 100644 --- a/integration/testdata/distroless-base-ignore-unfixed.json.golden +++ b/integration/testdata/distroless-base-ignore-unfixed.json.golden 
@@ -1,87 +1,134 @@ -[ - { - "Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "9.9" + }, + "ImageID": "sha256:7f04a8d247173b1f2546d22913af637bbab4e7411e00ae6207da8d94c445750d", + "DiffIDs": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "history": [ + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." 
+ } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + ] }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" + "config": { + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ] } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after 
sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and 
CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden index 76fbc82338..af2473595b 100644 --- a/integration/testdata/distroless-base.json.golden 
+++ b/integration/testdata/distroless-base.json.golden 
@@ -1,1099 +1,1146 @@ -[ - { - "Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "9.9" + }, + "ImageID": "sha256:7f04a8d247173b1f2546d22913af637bbab4e7411e00ae6207da8d94c445750d", + "DiffIDs": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "history": [ + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." 
}, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." 
+ } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + ] }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression 
match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by 
attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - 
"https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" 
- }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": 
"glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - 
"http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", 
- "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2007-6755", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", - "Title": "Dual_EC_DRBG: weak pseudo random number generator", - "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. 
NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - } - }, - "References": [ - "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", - "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", - "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", - "http://rump2007.cr.yp.to/15-shumow.pdf", - "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", - "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", - "http://www.securityfocus.com/bid/63657", - "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" - ], - "PublishedDate": "2013-10-11T22:55:00Z", - "LastModifiedDate": "2016-11-28T19:07:00Z" - }, - { - "VulnerabilityID": "CVE-2010-0928", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", - "Title": "openssl: RSA authentication weakness", - "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", - "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", - "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", - "http://www.osvdb.org/62808", - "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" - ], - "PublishedDate": "2010-03-05T19:30:00Z", - "LastModifiedDate": "2017-08-17T01:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2007-6755", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", - "Title": "Dual_EC_DRBG: weak pseudo random number generator", - "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat 
cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - } - }, - "References": [ - "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", - "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", - "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", - "http://rump2007.cr.yp.to/15-shumow.pdf", - "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", - "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", - "http://www.securityfocus.com/bid/63657", - "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" - ], - "PublishedDate": "2013-10-11T22:55:00Z", - "LastModifiedDate": "2016-11-28T19:07:00Z" - }, - { - "VulnerabilityID": "CVE-2010-0928", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", - "Title": "openssl: RSA authentication weakness", - "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a 
\"fault-based attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", - "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", - "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", - "http://www.osvdb.org/62808", - "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" - ], - "PublishedDate": "2010-03-05T19:30:00Z", - "LastModifiedDate": "2017-08-17T01:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" + "config": { + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ] } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C 
Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + 
"CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + 
"https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + 
"https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc6", + 
"InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression 
containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + 
"V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": 
"2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + 
"CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" 
+ ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2007-6755", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", + "Title": "Dual_EC_DRBG: weak pseudo random number generator", + "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. 
NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + } + }, + "References": [ + "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "http://rump2007.cr.yp.to/15-shumow.pdf", + "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "http://www.securityfocus.com/bid/63657", + "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + ], + "PublishedDate": "2013-10-11T22:55:00Z", + "LastModifiedDate": "2016-11-28T19:07:00Z" + }, + { + "VulnerabilityID": "CVE-2010-0928", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", + "Title": "openssl: RSA authentication weakness", + "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "http://www.osvdb.org/62808", + "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + ], + "PublishedDate": "2010-03-05T19:30:00Z", + "LastModifiedDate": "2017-08-17T01:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2007-6755", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", + "Title": "Dual_EC_DRBG: weak pseudo random number generator", + "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat 
cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + } + }, + "References": [ + "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "http://rump2007.cr.yp.to/15-shumow.pdf", + "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "http://www.securityfocus.com/bid/63657", + "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + ], + "PublishedDate": "2013-10-11T22:55:00Z", + "LastModifiedDate": "2016-11-28T19:07:00Z" + }, + { + "VulnerabilityID": "CVE-2010-0928", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", + "Title": "openssl: RSA authentication weakness", + "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a 
\"fault-based attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "http://www.osvdb.org/62808", + "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + ], + "PublishedDate": "2010-03-05T19:30:00Z", + "LastModifiedDate": "2017-08-17T01:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index 45eecd3619..e4c475b8a3 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden 
@@ -1,4024 +1,4088 @@ -[ - { - "Target": "testdata/fixtures/images/distroless-python27.tar.gz (debian 9.9)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "libbz2-1.0", - "InstalledVersion": "1.0.6-8.1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only 
in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - 
"https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": 
"CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service 
(resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can 
hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", 
- "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": 
{ - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc-bin", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - 
"https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6551", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", - "Title": "glibc: integer overflow in malloc functions", - "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - ], - "PublishedDate": "2018-02-02T14:29:00Z", - "LastModifiedDate": "2019-04-04T11:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses 
alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can 
be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse 
a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 
4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4051", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", - "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", 
- "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4052", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", - "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://cxib.net/stuff/proftpd.gnu.c", - "http://seclists.org/fulldisclosure/2011/Jan/78", - "http://secunia.com/advisories/42547", - "http://securityreason.com/achievement_securityalert/93", - "http://securityreason.com/securityalert/8003", - "http://securitytracker.com/id?1024832", - "http://www.exploit-db.com/exploits/15935", - "http://www.kb.cert.org/vuls/id/912279", - "http://www.securityfocus.com/archive/1/515589/100/0/threaded", - "http://www.securityfocus.com/bid/45233", - "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - ], - "PublishedDate": "2011-01-13T19:00:00Z", - "LastModifiedDate": "2018-10-10T20:06:00Z" - }, - { - 
"VulnerabilityID": "CVE-2010-4756", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
- "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010024", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "Title": "glibc: ASLR bypass using cache of thread stack and heap", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109162", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-09-20T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010025", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "Title": "glibc: information disclosure of heap addresses of pthread_created thread", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-08-05T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6488", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", - "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", - "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-404" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106671", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" - ], - "PublishedDate": "2019-01-18T19:29:00Z", - "LastModifiedDate": "2019-02-05T17:30:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.24-11+deb9u4", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "libexpat1", - "InstalledVersion": "2.2.0-2+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libgcc1", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libgomp1", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": 
"2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 
4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "libpython2.7-minimal", - 
"InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - 
"https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": 
"2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "libpython2.7-minimal", - 
"InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": 
"2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - 
"PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - 
"DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": 
"sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-8492", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": 
"2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8492", - "Description": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "https://bugs.python.org/issue39503", - "https://github.com/python/cpython/pull/18284", - "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", - "https://security.netapp.com/advisory/ntap-20200221-0001/" - ], - "PublishedDate": "2020-01-30T19:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17522", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17522", - "Title": "python: Command injection in Lib/webbrowser.py", - "Description": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/102207", - "https://bugs.python.org/issue32367", - "https://security-tracker.debian.org/tracker/CVE-2017-17522" - ], - "PublishedDate": "2017-12-14T16:29:00Z", - "LastModifiedDate": "2017-12-28T19:13:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "libpython2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - 
"https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20346", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20346", - "Title": "CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", - "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", - "http://www.securityfocus.com/bid/106323", - "https://access.redhat.com/articles/3758321", 
- "https://blade.tencent.com/magellan/index_en.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1659379", - "https://bugzilla.redhat.com/show_bug.cgi?id=1659677", - "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e", - "https://crbug.com/900910", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346", - "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/", - "https://news.ycombinator.com/item?id=18685296", - "https://security.gentoo.org/glsa/201904-21", - "https://sqlite.org/src/info/940f2adc8541a838", - "https://sqlite.org/src/info/d44318f59044162e", - "https://support.apple.com/HT209443", - "https://support.apple.com/HT209446", - "https://support.apple.com/HT209447", - "https://support.apple.com/HT209448", - "https://support.apple.com/HT209450", - "https://support.apple.com/HT209451", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://worthdoingbadly.com/sqlitebug/", - "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html", - "https://www.sqlite.org/releaselog/3_25_3.html", - "https://www.synology.com/security/advisory/Synology_SA_18_61" - ], - "PublishedDate": "2018-12-21T21:29:00Z", - "LastModifiedDate": "2019-12-19T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20505", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - 
"SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20505", - "Title": "CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", - "Description": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-89" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://seclists.org/fulldisclosure/2019/Jan/62", - "http://seclists.org/fulldisclosure/2019/Jan/64", - "http://seclists.org/fulldisclosure/2019/Jan/66", - "http://seclists.org/fulldisclosure/2019/Jan/67", - "http://seclists.org/fulldisclosure/2019/Jan/68", - "http://seclists.org/fulldisclosure/2019/Jan/69", - "http://www.securityfocus.com/bid/106698", - "https://access.redhat.com/articles/3758321", - "https://blade.tencent.com/magellan/index_en.html", - "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505", - "https://seclists.org/bugtraq/2019/Jan/28", - "https://seclists.org/bugtraq/2019/Jan/29", - "https://seclists.org/bugtraq/2019/Jan/31", - "https://seclists.org/bugtraq/2019/Jan/32", - "https://seclists.org/bugtraq/2019/Jan/33", - "https://seclists.org/bugtraq/2019/Jan/39", - "https://security.netapp.com/advisory/ntap-20190502-0004/", - "https://sqlite.org/src/info/1a84668dcfdebaf12415d", - "https://support.apple.com/kb/HT209443", - "https://support.apple.com/kb/HT209446", - "https://support.apple.com/kb/HT209447", - 
"https://support.apple.com/kb/HT209448", - "https://support.apple.com/kb/HT209450", - "https://support.apple.com/kb/HT209451", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/usn/usn-4019-1" - ], - "PublishedDate": "2019-04-03T18:29:00Z", - "LastModifiedDate": "2019-06-19T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20506", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20506", - "Title": "CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", - "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). 
This is a different vulnerability than CVE-2018-20346.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", - "http://seclists.org/fulldisclosure/2019/Jan/62", - "http://seclists.org/fulldisclosure/2019/Jan/64", - "http://seclists.org/fulldisclosure/2019/Jan/66", - "http://seclists.org/fulldisclosure/2019/Jan/67", - "http://seclists.org/fulldisclosure/2019/Jan/68", - "http://seclists.org/fulldisclosure/2019/Jan/69", - "http://www.securityfocus.com/bid/106698", - "https://access.redhat.com/articles/3758321", - "https://blade.tencent.com/magellan/index_en.html", - "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20506", - "https://seclists.org/bugtraq/2019/Jan/28", - "https://seclists.org/bugtraq/2019/Jan/29", - "https://seclists.org/bugtraq/2019/Jan/31", - "https://seclists.org/bugtraq/2019/Jan/32", - "https://seclists.org/bugtraq/2019/Jan/33", - "https://seclists.org/bugtraq/2019/Jan/39", - "https://security.netapp.com/advisory/ntap-20190502-0004/", - "https://sqlite.org/src/info/940f2adc8541a838", - "https://support.apple.com/kb/HT209443", - "https://support.apple.com/kb/HT209446", - "https://support.apple.com/kb/HT209447", - "https://support.apple.com/kb/HT209448", - "https://support.apple.com/kb/HT209450", - "https://support.apple.com/kb/HT209451", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2019-04-03T18:29:00Z", - "LastModifiedDate": "2019-06-19T19:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-8740", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", - "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", - "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://www.securityfocus.com/bid/103466", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", - "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" - ], - "PublishedDate": "2018-03-17T00:29:00Z", - "LastModifiedDate": "2019-05-22T03:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5827", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", - "Title": "chromium-browser: out-of-bounds access in SQLite", - "Description": "Integer 
overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", - "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", - "https://crbug.com/952406", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-06-27T17:15:00Z", - "LastModifiedDate": "2019-07-25T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-8457", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", - "Title": "sqlite: heap out-of-bound read in function rtreenode()", - "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", - "https://security.netapp.com/advisory/ntap-20190606-0002/", - "https://usn.ubuntu.com/4004-1/", - "https://usn.ubuntu.com/4004-2/", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4004-1", - "https://usn.ubuntu.com/usn/usn-4004-2", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "https://www.sqlite.org/releaselog/3_28_0.html", - "https://www.sqlite.org/src/info/90acdbfce9c08858" - ], - "PublishedDate": "2019-05-30T16:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16168", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", - "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", - "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - 
}, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", - "https://security.netapp.com/advisory/ntap-20190926-0003/", - "https://security.netapp.com/advisory/ntap-20200122-0003/", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" - ], - "PublishedDate": "2019-09-09T17:15:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": 
"2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2020-9327", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9327", - "Description": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "https://www.sqlite.org/cgi/src/info/4374860b29383380", - "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e", - "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900" - ], - "PublishedDate": 
"2020-02-21T22:15:00Z", - "LastModifiedDate": "2020-02-25T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", - "Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9936", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9936", - "Title": "sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c", - "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html", - "http://www.securityfocus.com/bid/107562", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/", - "https://security.netapp.com/advisory/ntap-20190416-0005/", - "https://sqlite.org/src/info/b3fa58dd7403dbd4", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-06-04T04:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9937", - "PkgName": "libsqlite3-0", - "InstalledVersion": "3.27.2-3~bpo9+1", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9937", - "Title": "sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c", - "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html", - "http://www.securityfocus.com/bid/107562", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/", - "https://security.netapp.com/advisory/ntap-20190416-0005/", - "https://sqlite.org/src/info/45c73deb440496e8", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-06-04T04:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA 
encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2007-6755", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", - "Title": "Dual_EC_DRBG: weak pseudo random number generator", - "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a 
possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - } - }, - "References": [ - "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", - "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", - "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", - "http://rump2007.cr.yp.to/15-shumow.pdf", - "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", - "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", - "http://www.securityfocus.com/bid/63657", - "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" - ], - "PublishedDate": "2013-10-11T22:55:00Z", - "LastModifiedDate": "2016-11-28T19:07:00Z" - }, - { - "VulnerabilityID": "CVE-2010-0928", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", - "Title": "openssl: RSA authentication weakness", - "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate 
attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", - "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", - "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", - "http://www.osvdb.org/62808", - "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" - ], - "PublishedDate": "2010-03-05T19:30:00Z", - "LastModifiedDate": "2017-08-17T01:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "libssl1.1", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12886", - "PkgName": "libstdc++6", - "InstalledVersion": "6.3.0-18+deb9u1", - "Layer": { - "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", - "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", - "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and 
-fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", - "https://www.gnu.org/software/gcc/gcc-8/changes.html" - ], - "PublishedDate": "2019-05-22T19:29:00Z", - "LastModifiedDate": "2019-05-23T13:50:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - 
}, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20161126-1+deb9u2", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "FixedVersion": "1.1.0l-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or 
decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2007-6755", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", - "Title": "Dual_EC_DRBG: weak pseudo random number generator", - "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q 
constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - } - }, - "References": [ - "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", - "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", - "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", - "http://rump2007.cr.yp.to/15-shumow.pdf", - "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", - "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", - "http://www.securityfocus.com/bid/63657", - "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" - ], - "PublishedDate": "2013-10-11T22:55:00Z", - "LastModifiedDate": "2016-11-28T19:07:00Z" - }, - { - "VulnerabilityID": "CVE-2010-0928", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", - "Title": "openssl: RSA authentication weakness", - "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for 
physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", - "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", - "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", - "http://www.osvdb.org/62808", - "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" - ], - "PublishedDate": "2010-03-05T19:30:00Z", - "LastModifiedDate": "2017-08-17T01:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "openssl", - "InstalledVersion": "1.1.0k-1~deb9u1", - "Layer": { - "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: 
URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). 
When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. 
An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in 
server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. 
A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-8492", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8492", - "Description": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "https://bugs.python.org/issue39503", - "https://github.com/python/cpython/pull/18284", - "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", - "https://security.netapp.com/advisory/ntap-20200221-0001/" - ], - "PublishedDate": "2020-01-30T19:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17522", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17522", - "Title": "python: Command injection in Lib/webbrowser.py", - "Description": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/102207", - "https://bugs.python.org/issue32367", - "https://security-tracker.debian.org/tracker/CVE-2017-17522" - ], - "PublishedDate": "2017-12-14T16:29:00Z", - "LastModifiedDate": "2017-12-28T19:13:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python2.7-minimal", - "InstalledVersion": "2.7.13-2+deb9u3", - "Layer": { - "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" - }, - "SeveritySource": "debian", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", 
- "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/distroless-python27.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "9.9" + }, + "ImageID": "sha256:6fcac2cc8a710f21577b5bbd534e0bfc841c0cca569b57182ba19054696cddda", + "DiffIDs": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5", + "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61", + "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "history": [ + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." + }, + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." + }, + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." + }, + { + "author": "Bazel", + "created": "1970-01-01T00:00:00Z", + "created_by": "bazel build ..." 
+ } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5", + "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61", + "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + ] + }, + "config": { + "Entrypoint": [ + "/usr/bin/python2.7" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ] } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/distroless-python27.tar.gz (debian 9.9)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-12900", + "PkgName": "libbz2-1.0", + "InstalledVersion": "1.0.6-8.1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", + "Title": "bzip2: out-of-bounds write in function BZ2_decompress", + "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", + "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", + "https://usn.ubuntu.com/4038-1/", + 
"https://usn.ubuntu.com/4038-2/", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2", + "https://usn.ubuntu.com/usn/usn-4038-3", + "https://usn.ubuntu.com/usn/usn-4038-4", + "https://usn.ubuntu.com/usn/usn-4146-1", + "https://usn.ubuntu.com/usn/usn-4146-2" + ], + "PublishedDate": "2019-06-19T23:15:00Z", + "LastModifiedDate": "2019-06-24T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to 
heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": 
"HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + 
"https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": 
"2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + 
"http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled 
recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": 
{ + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc-bin", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + 
"https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6551", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551", + "Title": "glibc: integer overflow in malloc functions", + "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + ], + "PublishedDate": "2018-02-02T14:29:00Z", + "LastModifiedDate": "2019-04-04T11:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses 
alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000001", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", + "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", + "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can 
be used to write before the destination buffer leading to a buffer underflow and potential code execution.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000001.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://seclists.org/oss-sec/2018/q1/38", + "http://www.openwall.com/lists/oss-security/2018/01/11/5", + "http://www.securityfocus.com/bid/102525", + "http://www.securitytracker.com/id/1040162", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", + "https://lists.samba.org/archive/rsync/2018-February/031478.html", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", + "https://usn.ubuntu.com/3534-1/", + "https://usn.ubuntu.com/3536-1/", + "https://usn.ubuntu.com/usn/usn-3534-1", + "https://usn.ubuntu.com/usn/usn-3536-1", + "https://www.exploit-db.com/exploits/43775/", + "https://www.exploit-db.com/exploits/44889/", + "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" + ], + "PublishedDate": "2018-01-31T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse 
a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 
4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4051", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4051", + "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", 
+ "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + "VulnerabilityID": "CVE-2010-4052", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4052", + "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine", + "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://cxib.net/stuff/proftpd.gnu.c", + "http://seclists.org/fulldisclosure/2011/Jan/78", + "http://secunia.com/advisories/42547", + "http://securityreason.com/achievement_securityalert/93", + "http://securityreason.com/securityalert/8003", + "http://securitytracker.com/id?1024832", + "http://www.exploit-db.com/exploits/15935", + "http://www.kb.cert.org/vuls/id/912279", + "http://www.securityfocus.com/archive/1/515589/100/0/threaded", + "http://www.securityfocus.com/bid/45233", + "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + ], + "PublishedDate": "2011-01-13T19:00:00Z", + "LastModifiedDate": "2018-10-10T20:06:00Z" + }, + { + 
"VulnerabilityID": "CVE-2010-4756", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223" + ], + "PublishedDate": "2011-03-02T20:00:00Z", + "LastModifiedDate": "2011-03-04T05:00:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
+ "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. 
The component is: glibc.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-09-20T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-08-05T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6488", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": 
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6488", + "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault", + "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106671", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24097" + ], + "PublishedDate": "2019-01-18T19:29:00Z", + "LastModifiedDate": "2019-02-05T17:30:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + "InstalledVersion": "2.24-11+deb9u4", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-0340", + "PkgName": "libexpat1", + "InstalledVersion": "2.2.0-2+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", + "Title": "expat: internal entity expansion", + "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2013/02/22/3", + "http://securitytracker.com/id?1028213", + "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "http://www.osvdb.org/90634", + "http://www.securityfocus.com/bid/58233", + "https://security.gentoo.org/glsa/201701-21" + ], + "PublishedDate": "2014-01-21T18:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libgcc1", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libgomp1", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": 
"2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 
4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "libpython2.7-minimal", + 
"InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + 
"https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": 
"2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "libpython2.7-minimal", + 
"InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": 
"2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + 
"PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + 
"DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": 
"sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-8492", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": 
"2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8492", + "Description": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "https://bugs.python.org/issue39503", + "https://github.com/python/cpython/pull/18284", + "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", + "https://security.netapp.com/advisory/ntap-20200221-0001/" + ], + "PublishedDate": "2020-01-30T19:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17522", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17522", + "Title": "python: Command injection in Lib/webbrowser.py", + "Description": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", + "Severity": "LOW", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/102207", + "https://bugs.python.org/issue32367", + "https://security-tracker.debian.org/tracker/CVE-2017-17522" + ], + "PublishedDate": "2017-12-14T16:29:00Z", + "LastModifiedDate": "2017-12-28T19:13:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "libpython2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20346", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20346", + "Title": "CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", + "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", + "http://www.securityfocus.com/bid/106323", + "https://access.redhat.com/articles/3758321", 
+ "https://blade.tencent.com/magellan/index_en.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1659379", + "https://bugzilla.redhat.com/show_bug.cgi?id=1659677", + "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e", + "https://crbug.com/900910", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346", + "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/", + "https://news.ycombinator.com/item?id=18685296", + "https://security.gentoo.org/glsa/201904-21", + "https://sqlite.org/src/info/940f2adc8541a838", + "https://sqlite.org/src/info/d44318f59044162e", + "https://support.apple.com/HT209443", + "https://support.apple.com/HT209446", + "https://support.apple.com/HT209447", + "https://support.apple.com/HT209448", + "https://support.apple.com/HT209450", + "https://support.apple.com/HT209451", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://worthdoingbadly.com/sqlitebug/", + "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html", + "https://www.sqlite.org/releaselog/3_25_3.html", + "https://www.synology.com/security/advisory/Synology_SA_18_61" + ], + "PublishedDate": "2018-12-21T21:29:00Z", + "LastModifiedDate": "2019-12-19T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20505", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20505", + "Title": "CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", + "Description": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2019/Jan/62", + "http://seclists.org/fulldisclosure/2019/Jan/64", + "http://seclists.org/fulldisclosure/2019/Jan/66", + "http://seclists.org/fulldisclosure/2019/Jan/67", + "http://seclists.org/fulldisclosure/2019/Jan/68", + "http://seclists.org/fulldisclosure/2019/Jan/69", + "http://www.securityfocus.com/bid/106698", + "https://access.redhat.com/articles/3758321", + "https://blade.tencent.com/magellan/index_en.html", + "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505", + "https://seclists.org/bugtraq/2019/Jan/28", + "https://seclists.org/bugtraq/2019/Jan/29", + "https://seclists.org/bugtraq/2019/Jan/31", + "https://seclists.org/bugtraq/2019/Jan/32", + "https://seclists.org/bugtraq/2019/Jan/33", + "https://seclists.org/bugtraq/2019/Jan/39", + "https://security.netapp.com/advisory/ntap-20190502-0004/", + "https://sqlite.org/src/info/1a84668dcfdebaf12415d", + "https://support.apple.com/kb/HT209443", + "https://support.apple.com/kb/HT209446", + "https://support.apple.com/kb/HT209447", + 
"https://support.apple.com/kb/HT209448", + "https://support.apple.com/kb/HT209450", + "https://support.apple.com/kb/HT209451", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/usn/usn-4019-1" + ], + "PublishedDate": "2019-04-03T18:29:00Z", + "LastModifiedDate": "2019-06-19T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20506", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20506", + "Title": "CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", + "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). 
This is a different vulnerability than CVE-2018-20346.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", + "http://seclists.org/fulldisclosure/2019/Jan/62", + "http://seclists.org/fulldisclosure/2019/Jan/64", + "http://seclists.org/fulldisclosure/2019/Jan/66", + "http://seclists.org/fulldisclosure/2019/Jan/67", + "http://seclists.org/fulldisclosure/2019/Jan/68", + "http://seclists.org/fulldisclosure/2019/Jan/69", + "http://www.securityfocus.com/bid/106698", + "https://access.redhat.com/articles/3758321", + "https://blade.tencent.com/magellan/index_en.html", + "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20506", + "https://seclists.org/bugtraq/2019/Jan/28", + "https://seclists.org/bugtraq/2019/Jan/29", + "https://seclists.org/bugtraq/2019/Jan/31", + "https://seclists.org/bugtraq/2019/Jan/32", + "https://seclists.org/bugtraq/2019/Jan/33", + "https://seclists.org/bugtraq/2019/Jan/39", + "https://security.netapp.com/advisory/ntap-20190502-0004/", + "https://sqlite.org/src/info/940f2adc8541a838", + "https://support.apple.com/kb/HT209443", + "https://support.apple.com/kb/HT209446", + "https://support.apple.com/kb/HT209447", + "https://support.apple.com/kb/HT209448", + "https://support.apple.com/kb/HT209450", + "https://support.apple.com/kb/HT209451", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2019-04-03T18:29:00Z", + "LastModifiedDate": "2019-06-19T19:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-8740", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", + "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", + "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://www.securityfocus.com/bid/103466", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", + "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" + ], + "PublishedDate": "2018-03-17T00:29:00Z", + "LastModifiedDate": "2019-05-22T03:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5827", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", + "Title": "chromium-browser: out-of-bounds access in SQLite", + "Description": "Integer 
overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", + "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", + "https://crbug.com/952406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-06-27T17:15:00Z", + "LastModifiedDate": "2019-07-25T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-8457", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", + "Title": "sqlite: heap out-of-bound read in function rtreenode()", + "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", + "https://security.netapp.com/advisory/ntap-20190606-0002/", + "https://usn.ubuntu.com/4004-1/", + "https://usn.ubuntu.com/4004-2/", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4004-1", + "https://usn.ubuntu.com/usn/usn-4004-2", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://www.sqlite.org/releaselog/3_28_0.html", + "https://www.sqlite.org/src/info/90acdbfce9c08858" + ], + "PublishedDate": "2019-05-30T16:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16168", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", + "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", + "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + 
}, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", + "https://security.netapp.com/advisory/ntap-20190926-0003/", + "https://security.netapp.com/advisory/ntap-20200122-0003/", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + ], + "PublishedDate": "2019-09-09T17:15:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19603", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", + "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", + "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", + "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": 
"2019-12-09T19:15:00Z", + "LastModifiedDate": "2020-02-03T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20218", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", + "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", + "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", + "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" + ], + "PublishedDate": "2020-01-02T14:16:00Z", + "LastModifiedDate": "2020-01-16T20:35:00Z" + }, + { + "VulnerabilityID": "CVE-2020-9327", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9327", + "Description": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "https://www.sqlite.org/cgi/src/info/4374860b29383380", + "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e", + "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900" + ], + "PublishedDate": 
"2020-02-21T22:15:00Z", + "LastModifiedDate": "2020-02-25T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13685", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", + "Title": "sqlite: Local DoS via dump_callback function", + "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", + "http://www.securityfocus.com/bid/100521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2017-08-31T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19645", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", + "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", + "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", + "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-09T16:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9936", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9936", + "Title": "sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c", + "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html", + "http://www.securityfocus.com/bid/107562", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/", + "https://security.netapp.com/advisory/ntap-20190416-0005/", + "https://sqlite.org/src/info/b3fa58dd7403dbd4", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-06-04T04:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9937", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.27.2-3~bpo9+1", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9937", + "Title": "sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c", + "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html", + "http://www.securityfocus.com/bid/107562", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/", + "https://security.netapp.com/advisory/ntap-20190416-0005/", + "https://sqlite.org/src/info/45c73deb440496e8", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-06-04T04:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA 
encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2007-6755", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", + "Title": "Dual_EC_DRBG: weak pseudo random number generator", + "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a 
possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + } + }, + "References": [ + "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "http://rump2007.cr.yp.to/15-shumow.pdf", + "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "http://www.securityfocus.com/bid/63657", + "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + ], + "PublishedDate": "2013-10-11T22:55:00Z", + "LastModifiedDate": "2016-11-28T19:07:00Z" + }, + { + "VulnerabilityID": "CVE-2010-0928", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", + "Title": "openssl: RSA authentication weakness", + "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate 
attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "http://www.osvdb.org/62808", + "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + ], + "PublishedDate": "2010-03-05T19:30:00Z", + "LastModifiedDate": "2017-08-17T01:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12886", + "PkgName": "libstdc++6", + "InstalledVersion": "6.3.0-18+deb9u1", + "Layer": { + "DiffID": "sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", + "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", + "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and 
-fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", + "https://www.gnu.org/software/gcc/gcc-8/changes.html" + ], + "PublishedDate": "2019-05-22T19:29:00Z", + "LastModifiedDate": "2019-05-23T13:50:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + 
}, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20161126-1+deb9u2", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "FixedVersion": "1.1.0l-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or 
decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2007-6755", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-6755", + "Title": "Dual_EC_DRBG: weak pseudo random number generator", + "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q 
constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 5.8 + } + }, + "References": [ + "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "http://rump2007.cr.yp.to/15-shumow.pdf", + "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "http://www.securityfocus.com/bid/63657", + "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + ], + "PublishedDate": "2013-10-11T22:55:00Z", + "LastModifiedDate": "2016-11-28T19:07:00Z" + }, + { + "VulnerabilityID": "CVE-2010-0928", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0928", + "Title": "openssl: RSA authentication weakness", + "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for 
physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "http://www.osvdb.org/62808", + "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + ], + "PublishedDate": "2010-03-05T19:30:00Z", + "LastModifiedDate": "2017-08-17T01:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "openssl", + "InstalledVersion": "1.1.0k-1~deb9u1", + "Layer": { + "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9636.html", + "http://linux.oracle.com/errata/ELSA-2019-1467.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-08T21:29:00Z", + "LastModifiedDate": "2019-06-13T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: 
URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). 
When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. 
An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in 
server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. 
A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-8492", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8492", + "Description": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "https://bugs.python.org/issue39503", + "https://github.com/python/cpython/pull/18284", + "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", + "https://security.netapp.com/advisory/ntap-20200221-0001/" + ], + "PublishedDate": "2020-01-30T19:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17522", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17522", + "Title": "python: Command injection in Lib/webbrowser.py", + "Description": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", + "Severity": "LOW", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/102207", + "https://bugs.python.org/issue32367", + "https://security-tracker.debian.org/tracker/CVE-2017-17522" + ], + "PublishedDate": "2017-12-14T16:29:00Z", + "LastModifiedDate": "2017-12-28T19:13:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python2.7-minimal", + "InstalledVersion": "2.7.13-2+deb9u3", + "Layer": { + "DiffID": "sha256:e92caab8efcf25a24bea5213ab7e54d4a5f5f08644836bb2d296070b1ae1044e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", 
+ "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/dockerfile-custom-policies.json.golden b/integration/testdata/dockerfile-custom-policies.json.golden index 1d3bebc0e3..eae5ecfa63 100644 --- a/integration/testdata/dockerfile-custom-policies.json.golden +++ b/integration/testdata/dockerfile-custom-policies.json.golden 
@@ -1,40 +1,57 @@ -[ - { - "Target": "Dockerfile", - "Class": "config", - "Type": "dockerfile", - "MisconfSummary": { - "Successes": 0, - "Failures": 2, - "Exceptions": 0 - }, - "Misconfigurations": [ - { - "Type": "N/A", - "ID": "N/A", - "Title": "N/A", - "Message": "something bad: bar", - "Namespace": "user.bar", - "Query": "data.user.bar.deny", - "Severity": "UNKNOWN", - "Status": "FAIL", - "Layer": { - "DiffID": "sha256:8dc85f0b450296556c427e94db1d76a25fdce31334a4fcedac370f1aa59c86dc" - } +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/custom-policy", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null }, - { - "Type": "N/A", - "ID": "N/A", - "Title": "N/A", - "Message": "something bad: foo", - "Namespace": "user.foo", - "Query": "data.user.foo.deny", - "Severity": "UNKNOWN", - "Status": "FAIL", - "Layer": { - "DiffID": "sha256:8dc85f0b450296556c427e94db1d76a25fdce31334a4fcedac370f1aa59c86dc" + "config": {} + } + }, + "Results": [ + { + "Target": "Dockerfile", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 0, + "Failures": 2, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "N/A", + "ID": "N/A", + "Title": "N/A", + "Message": "something bad: bar", + "Namespace": "user.bar", + "Query": "data.user.bar.deny", + "Severity": "UNKNOWN", + "Status": "FAIL", + "Layer": { + "DiffID": "sha256:8dc85f0b450296556c427e94db1d76a25fdce31334a4fcedac370f1aa59c86dc" + } + }, + { + "Type": "N/A", + "ID": "N/A", + "Title": "N/A", + "Message": "something bad: foo", + "Namespace": "user.foo", + "Query": "data.user.foo.deny", + "Severity": "UNKNOWN", + "Status": "FAIL", + "Layer": { + "DiffID": "sha256:8dc85f0b450296556c427e94db1d76a25fdce31334a4fcedac370f1aa59c86dc" + } } - } - ] - } -] \ No newline at end of file + ] + } + ] +} \ No newline at end of file 
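Review bot: The new `Metadata.ImageConfig` object in this expected output is entirely zero-valued (`"created": "0001-01-01T00:00:00Z"`, empty `architecture` and `os`, `"diff_ids": null`) even though `ArtifactType` is `filesystem`, so the report carries image metadata for an artifact that has none. A consumer that reads `created` or `os` from the report cannot tell this placeholder from real data, so it would be cleaner for non-image artifacts to omit the key, leaving `"Metadata": {}` here. The struct that serialises this is not visible in the diff, but presumably making the field a pointer tagged `omitempty` would achieve that. The same placeholder block appears in the hunks for dockerfile-namespace-exception.json.golden, dockerfile-rule-exception.json.golden and dockerfile.json.golden.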
diff --git a/integration/testdata/dockerfile-namespace-exception.json.golden b/integration/testdata/dockerfile-namespace-exception.json.golden index d4d4dc0a1d..28731302de 100644 --- a/integration/testdata/dockerfile-namespace-exception.json.golden +++ b/integration/testdata/dockerfile-namespace-exception.json.golden @@ -1,12 +1,29 @@ -[ - { - "Target": "Dockerfile", - "Class": "config", - "Type": "dockerfile", - "MisconfSummary": { - "Successes": 0, - "Failures": 0, - "Exceptions": 1 +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/namespace-exception", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} } - } -] \ No newline at end of file + }, + "Results": [ + { + "Target": "Dockerfile", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 0, + "Failures": 0, + "Exceptions": 1 + } + } + ] +} \ No newline at end of file diff --git a/integration/testdata/dockerfile-rule-exception.json.golden b/integration/testdata/dockerfile-rule-exception.json.golden index d4d4dc0a1d..83e284a17b 100644 --- a/integration/testdata/dockerfile-rule-exception.json.golden +++ b/integration/testdata/dockerfile-rule-exception.json.golden 
@@ -1,12 +1,29 @@ -[ - { - "Target": "Dockerfile", - "Class": "config", - "Type": "dockerfile", - "MisconfSummary": { - "Successes": 0, - "Failures": 0, - "Exceptions": 1 +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/rule-exception", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} } - } -] \ No newline at end of file + }, + "Results": [ + { + "Target": "Dockerfile", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 0, + "Failures": 0, + "Exceptions": 1 + } + } + ] +} \ No newline at end of file diff --git a/integration/testdata/dockerfile.json.golden b/integration/testdata/dockerfile.json.golden index c7f4e32d2f..5848421c62 100644 --- a/integration/testdata/dockerfile.json.golden +++ b/integration/testdata/dockerfile.json.golden 
@@ -1,34 +1,51 @@ -[ - { - "Target": "Dockerfile", - "Class": "config", - "Type": "dockerfile", - "MisconfSummary": { - "Successes": 0, - "Failures": 1, - "Exceptions": 0 - }, - "Misconfigurations": [ - { - "Type": "Dockerfile Security Check", - "ID": "DS002", - "Title": "Image user should not be 'root'", - "Description": "It is a good practice to run the container as a non-root user.", - "Message": "Specify at least 1 USER command in Dockerfile", - "Namespace": "appshield.dockerfile.DS002", - "Query": "data.appshield.dockerfile.DS002.deny", - "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", - "Severity": "HIGH", - "PrimaryURL": "https://avd.aquasec.com/appshield/ds002", - "References": [ - "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", - "https://avd.aquasec.com/appshield/ds002" - ], - "Status": "FAIL", - "Layer": { - "DiffID": "sha256:2f8334a38883ba260fc9cab989110b8eea18721ee15c319b83fa3eba8d5981ca" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/dockerfile", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Dockerfile", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 0, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Dockerfile Security Check", + "ID": "DS002", + "Title": "Image user should not be 'root'", + "Description": "It is a good practice to run the container as a non-root user.", + "Message": "Specify at least 1 USER command in Dockerfile", + "Namespace": "appshield.dockerfile.DS002", + "Query": "data.appshield.dockerfile.DS002.deny", + "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/appshield/ds002", + "References": [ + 
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/appshield/ds002" + ], + "Status": "FAIL", + "Layer": { + "DiffID": "sha256:2f8334a38883ba260fc9cab989110b8eea18721ee15c319b83fa3eba8d5981ca" + } } - } - ] - } -] \ No newline at end of file + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/fluentd-multiple-lockfiles.json.golden b/integration/testdata/fluentd-multiple-lockfiles.json.golden index 3e86ff3123..00c4660168 100644 --- a/integration/testdata/fluentd-multiple-lockfiles.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles.json.golden 
@@ -1,224 +1,326 @@ -[ - { - "Target": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz (debian 10.2)", - "Class": "os-pkgs", - "Type": "debian", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.5-1+deb10u2", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "10.2" + }, + "ImageID": "sha256:5a992077baba51b97f27591a10d54d2f2723dc9c81a3fe419e261023f2554933", + "DiffIDs": [ + "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f", + "sha256:02874b2b269dea8dde0f7edb4c9906904dfe38a09de1a214f20c650cfb15c60e", + "sha256:3752e1f6fd759c795c13aff2c93c081529366e27635ba6621e849b0f9cfc77f0", + "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9", + "sha256:788c00e2cfc8f2a018ae4344ccf0b2c226ebd756d7effd1ce50eea1a4252cd89", + "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "232f3fc7ddffd71dc3ff52c6c0c3a5feea2f51acffd9b53850a8fc6f1a15319a", + "created": "2020-03-04T13:59:39.161374106Z", + "docker_version": "19.03.4", + "history": [ + { + "created": "2019-11-22T14:55:09.912242636Z", + "created_by": "/bin/sh -c #(nop) ADD file:bc8179c87c8dbb3d962bed1801f99e7c860ff03797cde6ad19b107d43b973ada in / " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } + { + "created": "2019-11-22T14:55:10.253859615Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.5-1+deb10u2", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + { + "created": "2020-03-04T13:58:17.973854594Z", + "created_by": "/bin/sh -c #(nop) ARG DEBIAN_FRONTEND=noninteractive", + "empty_layer": true }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } + { + "created": "2020-03-04T13:58:18.12120844Z", + "created_by": "/bin/sh -c #(nop) COPY file:4e7fdb1bc31a0f689d88f6af28d4f0352e89a2ac598c523e9637da3de75bfada in /tmp/install.sh " }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.5-1+deb10u2", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + { + "created": "2020-03-04T13:58:18.26894021Z", + "created_by": "/bin/sh -c #(nop) COPY file:c03560fcb4f0aff4cecd93039c348ba4992564740c77e3d6049a44fe79ca44ab in /Gemfile " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } + { + "created": "2020-03-04T13:59:37.96119583Z", + "created_by": "|1 DEBIAN_FRONTEND=noninteractive /bin/sh -c chmod +x /tmp/install.sh \u0026\u0026 /bin/bash -l -c /tmp/install.sh \u0026\u0026 rm /tmp/*" }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.5-1", - "FixedVersion": "2.0.5-1+deb10u1", - "Layer": { - "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + { + "created": "2020-03-04T13:59:38.583719926Z", + "created_by": "/bin/sh -c #(nop) COPY file:f742fdea941d5baccbf9a9c45ccc9cd943377f3c3e07da787a8d8d9f92a8b3d3 in /etc/fluent/fluent.conf " }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } + { + "created": "2020-03-04T13:59:38.72131564Z", + "created_by": "/bin/sh -c #(nop) COPY file:a9ce963551c165ec55bb4d982d96336caa97e8c70011eb4ca58927956bd08e2a in /run.sh " }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.44.5-1+deb10u2", - "FixedVersion": "1.44.5-1+deb10u3", - "Layer": { - "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + { + "created": "2020-03-04T13:59:38.844116271Z", + "created_by": "/bin/sh -c #(nop) EXPOSE 80", + "empty_layer": true }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } + { + "created": "2020-03-04T13:59:38.99446051Z", + "created_by": "/bin/sh -c #(nop) ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2", + "empty_layer": true }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - } - ] - }, - { - "Target": "Ruby", - "Class": "lang-pkgs", - "Type": "gemspec", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2020-8165", - "PkgName": "activesupport", - "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec", - "InstalledVersion": "6.0.2.1", - "FixedVersion": "~\u003e 5.2.4.3, \u003e= 6.0.3.1", - "Layer": { - "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165", - "Title": "Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore", - "Description": "There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when\nuntrusted user input is written to the cache store using the `raw: true` parameter, re-reading the 
result\nfrom the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:\n\n```\ndata = cache.fetch(\"demo\", raw: true) { untrusted_string }\n```\n\nVersions Affected: rails \u003c 5.2.5, rails \u003c 6.0.4\nNot affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.\nFixed Versions: rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1\n\nImpact\n------\n\nUnmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,\nthis vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever\nthey are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both\nreading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,\ndetect if data was serialized using the raw option upon deserialization.\n\nWorkarounds\n-----------\n\nIt is recommended that application developers apply the suggested patch or upgrade to the latest release as\nsoon as possible. 
If this is not possible, we recommend ensuring that all user-provided strings cached using\nthe `raw` argument should be double-checked to ensure that they conform to the expected format.\n", - "Severity": "UNKNOWN", - "References": [ - "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" + { + "created": "2020-03-04T13:59:39.161374106Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/run.sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f", + "sha256:02874b2b269dea8dde0f7edb4c9906904dfe38a09de1a214f20c650cfb15c60e", + "sha256:3752e1f6fd759c795c13aff2c93c081529366e27635ba6621e849b0f9cfc77f0", + "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9", + "sha256:788c00e2cfc8f2a018ae4344ccf0b2c226ebd756d7effd1ce50eea1a4252cd89", + "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065" ] + }, + "config": { + "Cmd": [ + "/run.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" + ], + "Image": "sha256:2a538358cddc4824e9eff1531e0c63ae5e3cda85d2984c647df9b1c816b9b86b", + "ExposedPorts": { + "80/tcp": {} + } } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz (debian 10.2)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.5-1+deb10u2", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory 
rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.5-1+deb10u2", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.5-1+deb10u2", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.5-1", + "FixedVersion": "2.0.5-1+deb10u1", + "Layer": { + "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + 
"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.44.5-1+deb10u2", + "FixedVersion": "1.44.5-1+deb10u3", + "Layer": { + "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + } + ] + }, + { + "Target": "Ruby", + "Class": "lang-pkgs", + "Type": "gemspec", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-8165", + "PkgName": "activesupport", + "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec", + "InstalledVersion": "6.0.2.1", + "FixedVersion": "~\u003e 5.2.4.3, \u003e= 6.0.3.1", + "Layer": { + "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165", + "Title": "Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore", + "Description": "There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when\nuntrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object instead of plain text. 
Vulnerable code looks like:\n\n```\ndata = cache.fetch(\"demo\", raw: true) { untrusted_string }\n```\n\nVersions Affected: rails \u003c 5.2.5, rails \u003c 6.0.4\nNot affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.\nFixed Versions: rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1\n\nImpact\n------\n\nUnmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,\nthis vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever\nthey are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both\nreading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,\ndetect if data was serialized using the raw option upon deserialization.\n\nWorkarounds\n-----------\n\nIt is recommended that application developers apply the suggested patch or upgrade to the latest release as\nsoon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using\nthe `raw` argument should be double-checked to ensure that they conform to the expected format.\n", + "Severity": "UNKNOWN", + "References": [ + "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/nodejs.json.golden b/integration/testdata/nodejs.json.golden index 81622fcead..f361f48155 100644 --- a/integration/testdata/nodejs.json.golden +++ b/integration/testdata/nodejs.json.golden 
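Review bot: The new `Metadata.ImageConfig` section copies the image's `config.Env` list and every `history[].created_by` build command into the JSON report, and nothing in this expected output suggests any filtering. Images often carry credentials in `ENV`/`ARG` values or in build commands, so a report that used to contain only findings now takes that material wherever the report is uploaded or archived (CI artifacts, tickets, dashboards). I would document this on the JSON format, for example `ImageConfig is emitted verbatim, including Env and build history; handle JSON reports with the same care as the image itself`, or offer a way to leave the section out. The layer digests also appear twice, in `Metadata.DiffIDs` and in `ImageConfig.rootfs.diff_ids`, which may be unintended.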
@@ -1,227 +1,244 @@ -[ - { - "Target": "package-lock.json", - "Class": "lang-pkgs", - "Type": "npm", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-11358", - "PkgName": "jquery", - "InstalledVersion": "3.3.9", - "FixedVersion": "3.4.0", - "Layer": { - "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" - }, - "SeveritySource": "nodejs-security-wg", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", - "Title": "js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection", - "Description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "http://seclists.org/fulldisclosure/2019/May/10", - "http://seclists.org/fulldisclosure/2019/May/11", - "http://seclists.org/fulldisclosure/2019/May/13", - "http://www.openwall.com/lists/oss-security/2019/06/03/2", - "http://www.securityfocus.com/bid/108023", - "https://access.redhat.com/errata/RHSA-2019:1456", - "https://backdropcms.org/security/backdrop-sa-core-2019-009", - "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", - "https://github.com/DanielRuf/snyk-js-jquery-174006?files=1", - 
"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", - "https://github.com/jquery/jquery/pull/4333", - "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", - "https://hackerone.com/reports/454365", - "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", - "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", - "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", - "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", - "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", - "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", - "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", - "https://seclists.org/bugtraq/2019/Apr/32", - "https://seclists.org/bugtraq/2019/Jun/12", 
- "https://seclists.org/bugtraq/2019/May/18", - "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", - "https://www.debian.org/security/2019/dsa-4434", - "https://www.debian.org/security/2019/dsa-4460", - "https://www.drupal.org/sa-core-2019-006" - ], - "PublishedDate": "2019-04-20T00:29:00Z", - "LastModifiedDate": "2019-06-12T17:29:00Z" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/nodejs", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null }, - { - "VulnerabilityID": "CVE-2019-10744", - "PkgName": "lodash", - "InstalledVersion": "4.17.4", - "FixedVersion": "4.17.12", - "Layer": { - "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744", - "Title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties", - "Description": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. 
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 + "config": {} + } + }, + "Results": [ + { + "Target": "package-lock.json", + "Class": "lang-pkgs", + "Type": "npm", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-11358", + "PkgName": "jquery", + "InstalledVersion": "3.3.9", + "FixedVersion": "3.4.0", + "Layer": { + "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", - "V3Score": 9.1 - } - }, - "References": [ - "https://access.redhat.com/errata/RHSA-2019:3024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744", - "https://github.com/lodash/lodash/issues/4348", - "https://github.com/lodash/lodash/pull/4336", - "https://nvd.nist.gov/vuln/detail/CVE-2019-10744", - "https://security.netapp.com/advisory/ntap-20191004-0005/", - "https://snyk.io/vuln/SNYK-JS-LODASH-450202" - ], - "PublishedDate": "2019-07-26T00:15:00Z", - "LastModifiedDate": "2019-10-04T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16487", - "PkgName": "lodash", - "InstalledVersion": "4.17.4", - "FixedVersion": "4.17.11", - "Layer": { - "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" - }, - "SeveritySource": "nodejs-security-wg", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16487", - "Title": "lodash: Prototype pollution in utilities function", - "Description": "A prototype pollution vulnerability was found in lodash \u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", + "Title": "js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection", + "Description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } + "References": [ + "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "http://seclists.org/fulldisclosure/2019/May/10", + "http://seclists.org/fulldisclosure/2019/May/11", + "http://seclists.org/fulldisclosure/2019/May/13", + "http://www.openwall.com/lists/oss-security/2019/06/03/2", + "http://www.securityfocus.com/bid/108023", + "https://access.redhat.com/errata/RHSA-2019:1456", + "https://backdropcms.org/security/backdrop-sa-core-2019-009", + "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", + "https://github.com/DanielRuf/snyk-js-jquery-174006?files=1", + "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", + 
"https://github.com/jquery/jquery/pull/4333", + "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", + "https://hackerone.com/reports/454365", + "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", + "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", + "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", + "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", + "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", + "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", + "https://seclists.org/bugtraq/2019/Apr/32", + "https://seclists.org/bugtraq/2019/Jun/12", + "https://seclists.org/bugtraq/2019/May/18", + 
"https://snyk.io/vuln/SNYK-JS-JQUERY-174006", + "https://www.debian.org/security/2019/dsa-4434", + "https://www.debian.org/security/2019/dsa-4460", + "https://www.drupal.org/sa-core-2019-006" + ], + "PublishedDate": "2019-04-20T00:29:00Z", + "LastModifiedDate": "2019-06-12T17:29:00Z" }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487", - "https://hackerone.com/reports/380873", - "https://nvd.nist.gov/vuln/detail/CVE-2018-16487", - "https://security.netapp.com/advisory/ntap-20190919-0004/", - "https://www.npmjs.com/advisories/782" - ], - "PublishedDate": "2019-02-01T18:29:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010266", - "PkgName": "lodash", - "InstalledVersion": "4.17.4", - "FixedVersion": "4.17.11", - "Layer": { - "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010266", - "Title": "Moderate severity vulnerability that affects lodash", - "Description": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. 
The fixed version is: 4.17.11.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266", - "https://github.com/lodash/lodash/issues/3359", - "https://github.com/lodash/lodash/wiki/Changelog", - "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266", - "https://security.netapp.com/advisory/ntap-20190919-0004/", - "https://snyk.io/vuln/SNYK-JS-LODASH-73639" - ], - "PublishedDate": "2019-07-17T21:15:00Z", - "LastModifiedDate": "2019-09-19T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-3721", - "PkgName": "lodash", - "InstalledVersion": "4.17.4", - "FixedVersion": "4.17.5", - "Layer": { - "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" - }, - "SeveritySource": "nodejs-security-wg", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-3721", - "Title": "lodash: Prototype pollution in utilities function", - "Description": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 + { + "VulnerabilityID": "CVE-2019-10744", + "PkgName": "lodash", + "InstalledVersion": "4.17.4", + "FixedVersion": "4.17.12", + "Layer": { + "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.9 - } + "SeveritySource": "nvd", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744", + "Title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties", + "Description": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2019:3024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744", + "https://github.com/lodash/lodash/issues/4348", + "https://github.com/lodash/lodash/pull/4336", + "https://nvd.nist.gov/vuln/detail/CVE-2019-10744", + "https://security.netapp.com/advisory/ntap-20191004-0005/", + "https://snyk.io/vuln/SNYK-JS-LODASH-450202" + ], + "PublishedDate": "2019-07-26T00:15:00Z", + "LastModifiedDate": "2019-10-04T09:15:00Z" }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721", - "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a", - "https://hackerone.com/reports/310443", - "https://nvd.nist.gov/vuln/detail/CVE-2018-3721", - "https://security.netapp.com/advisory/ntap-20190919-0004/" - ], - "PublishedDate": "2018-06-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - } - ] - } -] \ No newline at end of file + { + "VulnerabilityID": "CVE-2018-16487", + "PkgName": "lodash", + "InstalledVersion": "4.17.4", + "FixedVersion": "4.17.11", + "Layer": { + "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-16487", + "Title": "lodash: Prototype pollution in utilities function", + "Description": "A prototype pollution vulnerability was found in lodash \u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487", + "https://hackerone.com/reports/380873", + "https://nvd.nist.gov/vuln/detail/CVE-2018-16487", + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://www.npmjs.com/advisories/782" + ], + "PublishedDate": "2019-02-01T18:29:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010266", + "PkgName": "lodash", + "InstalledVersion": "4.17.4", + "FixedVersion": "4.17.11", + "Layer": { + "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010266", + "Title": "Moderate severity vulnerability that affects lodash", + "Description": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. 
The fixed version is: 4.17.11.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266", + "https://github.com/lodash/lodash/issues/3359", + "https://github.com/lodash/lodash/wiki/Changelog", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266", + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://snyk.io/vuln/SNYK-JS-LODASH-73639" + ], + "PublishedDate": "2019-07-17T21:15:00Z", + "LastModifiedDate": "2019-09-19T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-3721", + "PkgName": "lodash", + "InstalledVersion": "4.17.4", + "FixedVersion": "4.17.5", + "Layer": { + "DiffID": "sha256:0b7517474d221ce39e6d69d41dabef6ae965464eef0d7037ba80361160c0d63c" + }, + "SeveritySource": "nodejs-security-wg", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-3721", + "Title": "lodash: Prototype pollution in utilities function", + "Description": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721", + "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a", + "https://hackerone.com/reports/310443", + 
"https://nvd.nist.gov/vuln/detail/CVE-2018-3721", + "https://security.netapp.com/advisory/ntap-20190919-0004/" + ], + "PublishedDate": "2018-06-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/opensuse-leap-151.json.golden b/integration/testdata/opensuse-leap-151.json.golden index 9e34fcfab8..027c16b7bc 100644 --- a/integration/testdata/opensuse-leap-151.json.golden +++ b/integration/testdata/opensuse-leap-151.json.golden 
@@ -1,297 +1,354 @@ -[ - { - "Target": "testdata/fixtures/images/opensuse-leap-151.tar.gz (opensuse.leap 15.1)", - "Class": "os-pkgs", - "Type": "opensuse.leap", - "Vulnerabilities": [ - { - "VulnerabilityID": "openSUSE-SU-2019:2596-1", - "PkgName": "cpio", - "InstalledVersion": "2.12-lp151.2.68", - "FixedVersion": "2.12-lp151.3.3.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for cpio", - "Description": "This update for cpio fixes the following issues:\n\n- CVE-2019-14866: Fixed an improper validation of the values written \n in the header of a TAR file through the to_oct() function which could \n have led to unexpected TAR generation (bsc#1155199).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html", - "https://www.suse.com/support/security/rating/" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/opensuse-leap-151.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "opensuse.leap", + "Name": "15.1", + "EOSL": true + }, + "ImageID": "sha256:fef5ad254f6378f08071cfa2daaf05a1ce9857141c944b67a40742e63e65cecc", + "DiffIDs": [ + "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Fabian Vogt \u003cfvogt@suse.com\u003e", + "created": "2019-11-05T15:54:41Z", + "history": [ + { + "created": "2019-11-05T15:54:41Z", + "created_by": "KIWI 9.17.16" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" ] }, - { - "VulnerabilityID": "openSUSE-SU-2020:0166-1", - "PkgName": "libcom_err2", - "InstalledVersion": "1.43.8-lp151.5.6.1", - "FixedVersion": "1.43.8-lp151.5.12.1", - "Layer": { - "DiffID": 
"sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for e2fsprogs", - "Description": "This update for e2fsprogs fixes the following issues:\n\n- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0022-1", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.2-lp151.9.4.1", - "FixedVersion": "1.8.2-lp151.9.7.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libgcrypt", - "Description": "This update for libgcrypt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).\n\nBug fixes:\n\n- Added CMAC AES self test (bsc#1155339).\n- Added CMAC TDES self test missing (bsc#1155338).\n- Fix test dsa-rfc6979 in FIPS mode.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2611-1", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.4-lp151.2.3", - "FixedVersion": "2.2.0-lp151.3.3.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libidn2", - "Description": "This update for libidn2 to version 2.2.0 fixes the following issues:\n\n- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).\n- CVE-2019-18224: Fixed a heap-based 
buffer overflow that was caused by long domain strings (bsc#1154887).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2551-1", - "PkgName": "libncurses6", - "InstalledVersion": "6.1-lp151.5.41", - "FixedVersion": "6.1-lp151.6.3.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for ncurses", - "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0062-1", - "PkgName": "libopenssl1_1", - "InstalledVersion": "1.1.0i-lp151.8.3.1", - "FixedVersion": "1.1.0i-lp151.8.6.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for openssl-1_1", - "Description": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). 
\n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0255-1", - "PkgName": "libsolv-tools", - "InstalledVersion": "0.7.6-lp151.2.3.2", - "FixedVersion": "0.7.10-lp151.2.10.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libsolv, libzypp, zypper", - "Description": "This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). 
\n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2689-1", - "PkgName": "libssh4", - "InstalledVersion": "0.8.7-lp151.2.3.1", - "FixedVersion": "0.8.7-lp151.2.6.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libssh", - "Description": "This update for libssh fixes the following issues:\n\n- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "HIGH", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0102-1", - "PkgName": "libssh4", - "InstalledVersion": "0.8.7-lp151.2.3.1", - "FixedVersion": "0.8.7-lp151.2.9.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libssh", - "Description": "This update for libssh fixes the following issues:\n\n- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "HIGH", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": 
"openSUSE-SU-2020:0208-1", - "PkgName": "libsystemd0", - "InstalledVersion": "234-lp151.26.4.1", - "FixedVersion": "234-lp151.26.7.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for systemd", - "Description": "This update for systemd fixes the following issues:\n\n- CVE-2020-1712 (bsc#bsc#1162108)\n Fix a heap use-after-free vulnerability, when asynchronous\n Polkit queries were performed while handling Dbus messages. A local\n unprivileged attacker could have abused this flaw to crash systemd services or\n potentially execute code and elevate their privileges, by sending specially\n crafted Dbus messages.\n\n- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)\n\n- libblkid: open device in nonblock mode. (bsc#1084671)\n- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)\n- bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)\n- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)\n- fileio: initialize errno to zero before we do fread()\n- fileio: try to read one byte too much in read_full_stream()\n- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)\n- logind: never elect a session that is stopping as display\n\n- journal: include kmsg lines from the systemd process which exec()d us (#8078)\n- udevd: don't use monitor after manager_exit()\n- udevd: capitalize log messages in on_sigchld()\n- udevd: merge conditions to decrease indentation\n- Revert 'udevd: fix crash when workers time out after exit is signal caught'\n- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)\n- udevd: fix crash when workers time out after exit is signal caught\n- udevd: wait for workers to finish when exiting (bsc#1106383)\n\n- Improve bash completion support (bsc#1155207)\n * shell-completion: 
systemctl: do not list template units in {re,}start\n * shell-completion: systemctl: pass current word to all list_unit*\n * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)\n * bash-completion: systemctl: use systemctl --no-pager\n * bash-completion: also suggest template unit files\n * bash-completion: systemctl: add missing options and verbs\n * bash-completion: use the first argument instead of the global variable (#6457)\n\n- networkd: VXLan Make group and remote variable separate (bsc#1156213)\n- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)\n- fs-util: let's avoid unnecessary strerror()\n- fs-util: introduce inotify_add_watch_and_warn() helper\n- ask-password: improve log message when inotify limit is reached (bsc#1155574)\n- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)\n- man: alias names can't be used with enable command (bsc#1151377)\n\n- Add boot option to not use swap at system start (jsc#SLE-7689)\n\n- Allow YaST to select Iranian (Persian, Farsi) keyboard layout\n (bsc#1092920)\n \nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "HIGH", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0208-1", - "PkgName": "libudev1", - "InstalledVersion": "234-lp151.26.4.1", - "FixedVersion": "234-lp151.26.7.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for systemd", - "Description": "This update for systemd fixes the following issues:\n\n- CVE-2020-1712 (bsc#bsc#1162108)\n Fix a heap use-after-free vulnerability, when asynchronous\n Polkit queries were performed while handling Dbus messages. 
A local\n unprivileged attacker could have abused this flaw to crash systemd services or\n potentially execute code and elevate their privileges, by sending specially\n crafted Dbus messages.\n\n- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)\n\n- libblkid: open device in nonblock mode. (bsc#1084671)\n- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)\n- bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)\n- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)\n- fileio: initialize errno to zero before we do fread()\n- fileio: try to read one byte too much in read_full_stream()\n- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)\n- logind: never elect a session that is stopping as display\n\n- journal: include kmsg lines from the systemd process which exec()d us (#8078)\n- udevd: don't use monitor after manager_exit()\n- udevd: capitalize log messages in on_sigchld()\n- udevd: merge conditions to decrease indentation\n- Revert 'udevd: fix crash when workers time out after exit is signal caught'\n- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)\n- udevd: fix crash when workers time out after exit is signal caught\n- udevd: wait for workers to finish when exiting (bsc#1106383)\n\n- Improve bash completion support (bsc#1155207)\n * shell-completion: systemctl: do not list template units in {re,}start\n * shell-completion: systemctl: pass current word to all list_unit*\n * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)\n * bash-completion: systemctl: use systemctl --no-pager\n * bash-completion: also suggest template unit files\n * bash-completion: systemctl: add missing options and verbs\n * bash-completion: use the first argument instead of the global variable (#6457)\n\n- networkd: VXLan Make group and remote variable 
separate (bsc#1156213)\n- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)\n- fs-util: let's avoid unnecessary strerror()\n- fs-util: introduce inotify_add_watch_and_warn() helper\n- ask-password: improve log message when inotify limit is reached (bsc#1155574)\n- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)\n- man: alias names can't be used with enable command (bsc#1151377)\n\n- Add boot option to not use swap at system start (jsc#SLE-7689)\n\n- Allow YaST to select Iranian (Persian, Farsi) keyboard layout\n (bsc#1092920)\n \nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "HIGH", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2612-1", - "PkgName": "libxml2-2", - "InstalledVersion": "2.9.7-lp151.5.3.1", - "FixedVersion": "2.9.7-lp151.5.6.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libxml2", - "Description": "This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect\nall CVEs that have been fixed over the past.\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "UNKNOWN", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00010.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0255-1", - "PkgName": "libzypp", - "InstalledVersion": "17.15.0-lp151.2.3.2", - "FixedVersion": "17.19.0-lp151.2.10.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libsolv, libzypp, zypper", - "Description": "This update for libsolv, libzypp, zypper fixes 
the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2551-1", - "PkgName": "ncurses-utils", - "InstalledVersion": "6.1-lp151.5.41", - "FixedVersion": "6.1-lp151.6.3.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for ncurses", - "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry 
function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0062-1", - "PkgName": "openssl-1_1", - "InstalledVersion": "1.1.0i-lp151.8.3.1", - "FixedVersion": "1.1.0i-lp151.8.6.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for openssl-1_1", - "Description": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). \n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2672-1", - "PkgName": "permissions", - "InstalledVersion": "20181116-lp151.4.6.1", - "FixedVersion": "20181116-lp151.4.9.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for permissions", - "Description": "This update for permissions fixes the following issues:\n\n- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid\n which could have allowed a squid user to gain persistence by changing the \n binary (bsc#1093414).\n- 
CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic \n links (bsc#1150734).\n- Fixed a regression which caused sagmentation fault (bsc#1157198).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2019:2551-1", - "PkgName": "terminfo-base", - "InstalledVersion": "6.1-lp151.5.41", - "FixedVersion": "6.1-lp151.6.3.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for ncurses", - "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "https://www.suse.com/support/security/rating/" - ] - }, - { - "VulnerabilityID": "openSUSE-SU-2020:0255-1", - "PkgName": "zypper", - "InstalledVersion": "1.14.30-lp151.2.3.1", - "FixedVersion": "1.14.33-lp151.2.10.1", - "Layer": { - "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" - }, - "Title": "Security update for libsolv, libzypp, zypper", - "Description": "This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- 
Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", - "Severity": "MEDIUM", - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", - "https://www.suse.com/support/security/rating/" - ] + "config": { + "Cmd": [ + "/bin/bash" + ], + "Labels": { + "org.openbuildservice.disturl": "obs://build.opensuse.org/openSUSE:Leap:15.1:Images/images/740264e3294afe7ca32a3ea9deb863d2-opensuse-leap-image:docker", + "org.opencontainers.image.created": "2019-11-05T15:54:10.571514200Z", + "org.opencontainers.image.description": "Image containing a minimal environment for containers based on openSUSE Leap 15.1.", + "org.opencontainers.image.title": "openSUSE Leap 15.1 Base Container", + "org.opencontainers.image.url": "https://www.opensuse.org/", + "org.opencontainers.image.vendor": "openSUSE Project", + "org.opencontainers.image.version": "15.1.3.67", + "org.opensuse.base.created": "2019-11-05T15:54:10.571514200Z", + "org.opensuse.base.description": "Image containing a minimal environment for containers based on 
openSUSE Leap 15.1.", + "org.opensuse.base.disturl": "obs://build.opensuse.org/openSUSE:Leap:15.1:Images/images/740264e3294afe7ca32a3ea9deb863d2-opensuse-leap-image:docker", + "org.opensuse.base.reference": "registry.opensuse.org/opensuse/leap:15.1.3.67", + "org.opensuse.base.title": "openSUSE Leap 15.1 Base Container", + "org.opensuse.base.url": "https://www.opensuse.org/", + "org.opensuse.base.vendor": "openSUSE Project", + "org.opensuse.base.version": "15.1.3.67", + "org.opensuse.reference": "registry.opensuse.org/opensuse/leap:15.1.3.67" + } } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/opensuse-leap-151.tar.gz (opensuse.leap 15.1)", + "Class": "os-pkgs", + "Type": "opensuse.leap", + "Vulnerabilities": [ + { + "VulnerabilityID": "openSUSE-SU-2019:2596-1", + "PkgName": "cpio", + "InstalledVersion": "2.12-lp151.2.68", + "FixedVersion": "2.12-lp151.3.3.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for cpio", + "Description": "This update for cpio fixes the following issues:\n\n- CVE-2019-14866: Fixed an improper validation of the values written \n in the header of a TAR file through the to_oct() function which could \n have led to unexpected TAR generation (bsc#1155199).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0166-1", + "PkgName": "libcom_err2", + "InstalledVersion": "1.43.8-lp151.5.6.1", + "FixedVersion": "1.43.8-lp151.5.12.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for e2fsprogs", + "Description": "This update for e2fsprogs fixes the following issues:\n\n- 
CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0022-1", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.2-lp151.9.4.1", + "FixedVersion": "1.8.2-lp151.9.7.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libgcrypt", + "Description": "This update for libgcrypt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).\n\nBug fixes:\n\n- Added CMAC AES self test (bsc#1155339).\n- Added CMAC TDES self test missing (bsc#1155338).\n- Fix test dsa-rfc6979 in FIPS mode.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2611-1", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.4-lp151.2.3", + "FixedVersion": "2.2.0-lp151.3.3.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libidn2", + "Description": "This update for libidn2 to version 2.2.0 fixes the following issues:\n\n- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).\n- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2551-1", + "PkgName": "libncurses6", + "InstalledVersion": "6.1-lp151.5.41", + "FixedVersion": "6.1-lp151.6.3.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for ncurses", + "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0062-1", + "PkgName": "libopenssl1_1", + "InstalledVersion": "1.1.0i-lp151.8.3.1", + "FixedVersion": "1.1.0i-lp151.8.6.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for openssl-1_1", + "Description": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). 
\n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0255-1", + "PkgName": "libsolv-tools", + "InstalledVersion": "0.7.6-lp151.2.3.2", + "FixedVersion": "0.7.10-lp151.2.10.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libsolv, libzypp, zypper", + "Description": "This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). 
\n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2689-1", + "PkgName": "libssh4", + "InstalledVersion": "0.8.7-lp151.2.3.1", + "FixedVersion": "0.8.7-lp151.2.6.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libssh", + "Description": "This update for libssh fixes the following issues:\n\n- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0102-1", + "PkgName": "libssh4", + "InstalledVersion": "0.8.7-lp151.2.3.1", + "FixedVersion": "0.8.7-lp151.2.9.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libssh", + "Description": "This update for libssh fixes the following issues:\n\n- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": 
"openSUSE-SU-2020:0208-1", + "PkgName": "libsystemd0", + "InstalledVersion": "234-lp151.26.4.1", + "FixedVersion": "234-lp151.26.7.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for systemd", + "Description": "This update for systemd fixes the following issues:\n\n- CVE-2020-1712 (bsc#bsc#1162108)\n Fix a heap use-after-free vulnerability, when asynchronous\n Polkit queries were performed while handling Dbus messages. A local\n unprivileged attacker could have abused this flaw to crash systemd services or\n potentially execute code and elevate their privileges, by sending specially\n crafted Dbus messages.\n\n- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)\n\n- libblkid: open device in nonblock mode. (bsc#1084671)\n- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)\n- bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)\n- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)\n- fileio: initialize errno to zero before we do fread()\n- fileio: try to read one byte too much in read_full_stream()\n- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)\n- logind: never elect a session that is stopping as display\n\n- journal: include kmsg lines from the systemd process which exec()d us (#8078)\n- udevd: don't use monitor after manager_exit()\n- udevd: capitalize log messages in on_sigchld()\n- udevd: merge conditions to decrease indentation\n- Revert 'udevd: fix crash when workers time out after exit is signal caught'\n- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)\n- udevd: fix crash when workers time out after exit is signal caught\n- udevd: wait for workers to finish when exiting (bsc#1106383)\n\n- Improve bash completion support (bsc#1155207)\n * shell-completion: 
systemctl: do not list template units in {re,}start\n * shell-completion: systemctl: pass current word to all list_unit*\n * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)\n * bash-completion: systemctl: use systemctl --no-pager\n * bash-completion: also suggest template unit files\n * bash-completion: systemctl: add missing options and verbs\n * bash-completion: use the first argument instead of the global variable (#6457)\n\n- networkd: VXLan Make group and remote variable separate (bsc#1156213)\n- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)\n- fs-util: let's avoid unnecessary strerror()\n- fs-util: introduce inotify_add_watch_and_warn() helper\n- ask-password: improve log message when inotify limit is reached (bsc#1155574)\n- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)\n- man: alias names can't be used with enable command (bsc#1151377)\n\n- Add boot option to not use swap at system start (jsc#SLE-7689)\n\n- Allow YaST to select Iranian (Persian, Farsi) keyboard layout\n (bsc#1092920)\n \nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0208-1", + "PkgName": "libudev1", + "InstalledVersion": "234-lp151.26.4.1", + "FixedVersion": "234-lp151.26.7.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for systemd", + "Description": "This update for systemd fixes the following issues:\n\n- CVE-2020-1712 (bsc#bsc#1162108)\n Fix a heap use-after-free vulnerability, when asynchronous\n Polkit queries were performed while handling Dbus messages. 
A local\n unprivileged attacker could have abused this flaw to crash systemd services or\n potentially execute code and elevate their privileges, by sending specially\n crafted Dbus messages.\n\n- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)\n\n- libblkid: open device in nonblock mode. (bsc#1084671)\n- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)\n- bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)\n- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)\n- fileio: initialize errno to zero before we do fread()\n- fileio: try to read one byte too much in read_full_stream()\n- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)\n- logind: never elect a session that is stopping as display\n\n- journal: include kmsg lines from the systemd process which exec()d us (#8078)\n- udevd: don't use monitor after manager_exit()\n- udevd: capitalize log messages in on_sigchld()\n- udevd: merge conditions to decrease indentation\n- Revert 'udevd: fix crash when workers time out after exit is signal caught'\n- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)\n- udevd: fix crash when workers time out after exit is signal caught\n- udevd: wait for workers to finish when exiting (bsc#1106383)\n\n- Improve bash completion support (bsc#1155207)\n * shell-completion: systemctl: do not list template units in {re,}start\n * shell-completion: systemctl: pass current word to all list_unit*\n * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)\n * bash-completion: systemctl: use systemctl --no-pager\n * bash-completion: also suggest template unit files\n * bash-completion: systemctl: add missing options and verbs\n * bash-completion: use the first argument instead of the global variable (#6457)\n\n- networkd: VXLan Make group and remote variable 
separate (bsc#1156213)\n- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)\n- fs-util: let's avoid unnecessary strerror()\n- fs-util: introduce inotify_add_watch_and_warn() helper\n- ask-password: improve log message when inotify limit is reached (bsc#1155574)\n- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)\n- man: alias names can't be used with enable command (bsc#1151377)\n\n- Add boot option to not use swap at system start (jsc#SLE-7689)\n\n- Allow YaST to select Iranian (Persian, Farsi) keyboard layout\n (bsc#1092920)\n \nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2612-1", + "PkgName": "libxml2-2", + "InstalledVersion": "2.9.7-lp151.5.3.1", + "FixedVersion": "2.9.7-lp151.5.6.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libxml2", + "Description": "This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect\nall CVEs that have been fixed over the past.\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "UNKNOWN", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00010.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0255-1", + "PkgName": "libzypp", + "InstalledVersion": "17.15.0-lp151.2.3.2", + "FixedVersion": "17.19.0-lp151.2.10.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libsolv, libzypp, zypper", + "Description": "This update for libsolv, libzypp, zypper fixes 
the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2551-1", + "PkgName": "ncurses-utils", + "InstalledVersion": "6.1-lp151.5.41", + "FixedVersion": "6.1-lp151.6.3.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for ncurses", + "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry 
function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0062-1", + "PkgName": "openssl-1_1", + "InstalledVersion": "1.1.0i-lp151.8.3.1", + "FixedVersion": "1.1.0i-lp151.8.6.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for openssl-1_1", + "Description": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). \n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2672-1", + "PkgName": "permissions", + "InstalledVersion": "20181116-lp151.4.6.1", + "FixedVersion": "20181116-lp151.4.9.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for permissions", + "Description": "This update for permissions fixes the following issues:\n\n- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid\n which could have allowed a squid user to gain persistence by changing the \n binary (bsc#1093414).\n- 
CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic \n links (bsc#1150734).\n- Fixed a regression which caused sagmentation fault (bsc#1157198).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2019:2551-1", + "PkgName": "terminfo-base", + "InstalledVersion": "6.1-lp151.5.41", + "FixedVersion": "6.1-lp151.6.3.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for ncurses", + "Description": "This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).\n- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).\n\nNon-security issue fixed:\n\n- Removed screen.xterm from terminfo database (bsc#1103320).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "https://www.suse.com/support/security/rating/" + ] + }, + { + "VulnerabilityID": "openSUSE-SU-2020:0255-1", + "PkgName": "zypper", + "InstalledVersion": "1.14.30-lp151.2.3.1", + "FixedVersion": "1.14.33-lp151.2.10.1", + "Layer": { + "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" + }, + "Title": "Security update for libsolv, libzypp, zypper", + "Description": "This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- 
Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html", + "https://www.suse.com/support/security/rating/" + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/opensuse-leap-423.json.golden b/integration/testdata/opensuse-leap-423.json.golden index 16fefd8aa7..e3161e923e 100644 --- a/integration/testdata/opensuse-leap-423.json.golden +++ b/integration/testdata/opensuse-leap-423.json.golden 
@@ -1,7 +1,55 @@
-[
- {
- "Target": "testdata/fixtures/images/opensuse-leap-423.tar.gz (opensuse.leap 42.3)",
- "Class": "os-pkgs",
- "Type": "opensuse.leap"
- }
-]
\ No newline at end of file
+{
+ "SchemaVersion": 2,
+ "ArtifactName": "testdata/fixtures/images/opensuse-leap-423.tar.gz",
+ "ArtifactType": "container_image",
+ "Metadata": {
+ "OS": {
+ "Family": "opensuse.leap",
+ "Name": "42.3",
+ "EOSL": true
+ },
+ "ImageID": "sha256:8e098189cc8dcb9cf52438dded1403b802a5822acb22e44db027705a146fef7a",
+ "DiffIDs": [
+ "sha256:55e4cf12579297bd6b98a41e0f22e56241508b5f697dcc43ab9a3d7c546acb3c"
+ ],
+ "ImageConfig": {
+ "architecture": "amd64",
+ "author": "SUSE Containers Team \u003ccontainers@suse.com\u003e",
+ "created": "2019-08-13T08:49:10Z",
+ "history": [
+ {
+ "created": "2019-08-13T08:48:40.372298552Z",
+ "created_by": "umoci config"
+ },
+ {
+ "author": "SUSE Containers Team \u003ccontainers@suse.com\u003e",
+ "created": "2019-08-13T08:49:10.375196393Z",
+ "created_by": "umoci config",
+ "empty_layer": true
+ }
+ ],
+ "os": "linux",
+ "rootfs": {
+ "type": "layers",
+ "diff_ids": [
+ "sha256:55e4cf12579297bd6b98a41e0f22e56241508b5f697dcc43ab9a3d7c546acb3c"
+ ]
+ },
+ "config": {
+ "Cmd": [
+ "/bin/bash"
+ ],
+ "Labels": {
+ "org.openbuildservice.disturl": "'obs://build.opensuse.org/Virtualization:containers:images:openSUSE-Leap-42.3/containers/e855437d458198eb2a8cf9d551fc66c3-openSUSE-Leap-42.3-container-image:docker'"
+ }
+ }
+ }
+ },
+ "Results": [
+ {
+ "Target": "testdata/fixtures/images/opensuse-leap-423.tar.gz (opensuse.leap 42.3)",
+ "Class": "os-pkgs",
+ "Type": "opensuse.leap"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/integration/testdata/oraclelinux-6-slim.json.golden b/integration/testdata/oraclelinux-6-slim.json.golden
index 68768eb078..b8f07763b8 100644
--- a/integration/testdata/oraclelinux-6-slim.json.golden
+++ b/integration/testdata/oraclelinux-6-slim.json.golden
@@ -1,504 +1,563 @@ -[ - { - "Target": "testdata/fixtures/images/oraclelinux-6-slim.tar.gz (oracle 6.10)", - "Class": "os-pkgs", - "Type": "oracle", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-2.0.1.el6_7.1", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/oraclelinux-6-slim.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "oracle", + "Name": "6.10", + "EOSL": true + }, + "ImageID": "sha256:0689e911150c66c3f03c9b184239ff5578685f0de9f913e1fbfff71a6bb77461", + "DiffIDs": [ + "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "container": "8878731dd37dcf400770b7f4b72a1e8e84d21d1cc8c47e4f697e126493cd4d54", + "created": "2019-06-14T22:36:44.570639862Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2018-08-30T21:49:27.028879762Z", + "created_by": "/bin/sh -c #(nop) MAINTAINER Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "empty_layer": true }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2019-06-14T22:36:44.306550224Z", + "created_by": "/bin/sh -c #(nop) ADD file:f1e31a7216515c21d38e5af18cbaf6cac772a2f953ac2a9e7772beb29f2652d8 in / " }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - 
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2019-06-14T22:36:44.570639862Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + ] }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.0.1.el6_10.1", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" + "Env": [ + 
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.0.1.el6_10.1", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.0.1.el6_10.1", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.0.1.el6_10.1", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - 
"Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.0.1.el6_8", - "FixedVersion": "3.44.0-6.0.1.el6_10", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": 
"2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.0.1.el6_8", - "FixedVersion": "3.44.0-6.0.1.el6_10", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - 
"https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.0.6.el6", - "FixedVersion": "1.0.1e-58.0.1.el6_10", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - "https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": 
"2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.6.6-68.0.1.el6_10", - "FixedVersion": "2.6.6-68.0.2.el6_10", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-68.0.1.el6_10", - "FixedVersion": "2.6.6-68.0.2.el6_10", - "Layer": { - "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). 
When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" + "Image": "sha256:c68f924be5159077a4d1c5de261fab2f423bffc06e1534a154306d551978a95c", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/oraclelinux-6-slim.tar.gz (oracle 6.10)", + "Class": "os-pkgs", + "Type": "oracle", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-2.0.1.el6_7.1", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", + "Title": 
"libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3862.html", + "http://linux.oracle.com/errata/ELSA-2019-4693.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3862.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + 
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3855", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.0.1.el6_10.1", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", + "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", + "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3855.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3855.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3856", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.0.1.el6_10.1", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", + "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", + "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3856.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3856.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3857", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.0.1.el6_10.1", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", + "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", + 
"Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3857.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3857.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3863", + "PkgName": "libssh2", + "InstalledVersion": "1.4.2-2.el6_7.1", + "FixedVersion": "1.4.2-3.0.1.el6_10.1", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", + "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", + "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3863.html", + "http://linux.oracle.com/errata/ELSA-2019-1652.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://access.redhat.com/errata/RHSA-2019:0679", + "https://access.redhat.com/errata/RHSA-2019:1175", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3863.html" + ], + "PublishedDate": "2019-03-25T18:29:00Z", + "LastModifiedDate": "2019-05-14T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": 
"3.14.3-23.3.0.1.el6_8", + "FixedVersion": "3.44.0-6.0.1.el6_10", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.14.3-23.3.0.1.el6_8", + "FixedVersion": "3.44.0-6.0.1.el6_10", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + "PkgName": "openssl", + "InstalledVersion": "1.0.1e-57.0.6.el6", + "FixedVersion": "1.0.1e-58.0.1.el6_10", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": 
"openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", 
+ "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": "2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python", + "InstalledVersion": "2.6.6-68.0.1.el6_10", + "FixedVersion": "2.6.6-68.0.2.el6_10", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python-libs", + "InstalledVersion": "2.6.6-68.0.1.el6_10", + "FixedVersion": "2.6.6-68.0.2.el6_10", + "Layer": { + "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). 
When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/oraclelinux-7-slim.json.golden b/integration/testdata/oraclelinux-7-slim.json.golden index 754a1e139b..b12afc1ecf 100644 --- a/integration/testdata/oraclelinux-7-slim.json.golden +++ b/integration/testdata/oraclelinux-7-slim.json.golden 
@@ -1,2713 +1,2771 @@ -[ - { - "Target": "testdata/fixtures/images/oraclelinux-7-slim.tar.gz (oracle 7.6)", - "Class": "os-pkgs", - "Type": "oracle", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.0.1.el7_6.3", - "FixedVersion": "7.29.0-54.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/oraclelinux-7-slim.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "oracle", + "Name": "7.6" + }, + "ImageID": "sha256:874477adb545ac1108a0c703bbf15f39cf00eb3a66052363ede44b971d648c29", + "DiffIDs": [ + "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "container": "eef695e3d8b370ac9770c6437285ffaeee9197f6a902ed42c970f680c77d8c91", + "created": "2019-08-08T22:29:13.643372657Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2018-08-30T21:49:27.028879762Z", + "created_by": "/bin/sh -c #(nop) MAINTAINER Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "empty_layer": true }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2019-08-08T22:29:13.37257495Z", + "created_by": "/bin/sh -c #(nop) ADD file:ec6faaeaeb57818c0cdf4a109896315eb8c8d30a8d0a3fddce47d0479ec28fcf in / " }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2019-08-08T22:29:13.643372657Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + ] }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double 
decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - 
"V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - 
"http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.0.17.el7_6.6", - "FixedVersion": "2.17-292.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", 
- "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.0.17.el7_6.6", - "FixedVersion": "2.17-292.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - 
"http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.0.1.el7_6.3", - "FixedVersion": "7.29.0-54.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.0.1.el7_6.3", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - 
"InstalledVersion": "1.4.3-12.0.1.el7_6.3", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-0495", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - 
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - 
"https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-8.0.1.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-5.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 
allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-5.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-8.0.1.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - 
"https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-8.0.1.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-5.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 
1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-5.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.0.1.el7_5", - "FixedVersion": "3.44.0-8.0.1.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - 
"https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - 
"https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - 
"https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - 
"https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.0.1.el7_6.1", - "FixedVersion": "1:1.0.2k-19.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1559", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.0.1.el7_6.1", - 
"FixedVersion": "1:1.0.2k-19.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", - "Title": "openssl: 0-byte record padding oracle", - "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", - "http://www.securityfocus.com/bid/107174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "https://github.com/RUB-NDS/TLS-Padding-Oracles", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20190301-0001/", - "https://security.netapp.com/advisory/ntap-20190301-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://support.f5.com/csp/article/K18549143", - "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", - "https://www.debian.org/security/2019/dsa-4400", - "https://www.openssl.org/news/secadv/20190226.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.tenable.com/security/tns-2019-02", - "https://www.tenable.com/security/tns-2019-03" - ], - "PublishedDate": 
"2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - 
"InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - 
"https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a 
urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.3.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok 
in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x 
through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-80.0.1.el7_6", - "FixedVersion": "2.7.5-86.0.1.el7", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds 
write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" + "Image": "sha256:9397663bff18e4294dec723411c402b55445d41c076040d050aaaaf1ac130313", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/oraclelinux-7-slim.tar.gz (oracle 7.6)", + "Class": "os-pkgs", + "Type": "oracle", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "curl", + "InstalledVersion": "7.29.0-51.0.1.el7_6.3", + "FixedVersion": "7.29.0-54.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in 
the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16402", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", + "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", + "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress 
twice.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16402.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16062", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", + "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16062.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + 
"https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-08-29T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16403", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", + "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", + "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16403.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-09-03T19:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18310", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", + "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", + "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18310.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-15T02:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18520", + "PkgName": "elfutils-libelf", + 
"InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", + "Title": "elfutils: eu-size cannot handle recursive ar files", + "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18520.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18521", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", + "Title": "elfutils: Divide-by-zero in arlib_add_symbols 
function in arlib.c", + "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18521.html", + "http://linux.oracle.com/errata/ELSA-2019-2197.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", + "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2018-10-19T17:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.172-2.el7", + "FixedVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc", + "InstalledVersion": "2.17-260.0.17.el7_6.6", + "FixedVersion": "2.17-292.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", 
+ "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-260.0.17.el7_6.6", + "FixedVersion": "2.17-292.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + 
"http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16842", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-51.0.1.el7_6.3", + "FixedVersion": "7.29.0-54.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", + "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", + "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16842.html", + "http://linux.oracle.com/errata/ELSA-2019-2181.html", + "http://www.securitytracker.com/id/1042014", + "https://access.redhat.com/errata/RHSA-2019:2181", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", + "https://curl.haxx.se/docs/CVE-2018-16842.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", + "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", + 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201903-03", + "https://usn.ubuntu.com/3805-1/", + "https://usn.ubuntu.com/3805-2/", + "https://usn.ubuntu.com/usn/usn-3805-1", + "https://usn.ubuntu.com/usn/usn-3805-2", + "https://www.debian.org/security/2018/dsa-4331" + ], + "PublishedDate": "2018-10-31T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.0.1.el7_6.3", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3858.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://github.com/libssh2/libssh2/pull/316", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ], + "PublishedDate": "2019-03-21T21:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + 
"InstalledVersion": "1.4.3-12.0.1.el7_6.3", + "FixedVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3861.html", + "http://linux.oracle.com/errata/ELSA-2019-2136.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3861.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-0495", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + 
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nspr", + "InstalledVersion": "4.19.0-1.el7_5", + "FixedVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + 
"https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-8.0.1.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-5.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 
allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-5.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-8.0.1.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + 
"https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-8.0.1.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-5.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 
1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-5.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.36.0-5.0.1.el7_5", + "FixedVersion": "3.44.0-8.0.1.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + 
"https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + 
"https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.1.el7_6", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + 
"https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0495.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://usn.ubuntu.com/usn/usn-3689-1", + "https://usn.ubuntu.com/usn/usn-3689-2", + "https://usn.ubuntu.com/usn/usn-3692-1", + "https://usn.ubuntu.com/usn/usn-3692-2", + 
"https://usn.ubuntu.com/usn/usn-3850-1", + "https://usn.ubuntu.com/usn/usn-3850-2", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-06-13T23:29:00Z", + "LastModifiedDate": "2019-05-30T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://linux.oracle.com/cve/CVE-2018-12404.html", + "http://linux.oracle.com/errata/ELSA-2019-2237.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", + "https://usn.ubuntu.com/usn/usn-3850-1", + 
"https://usn.ubuntu.com/usn/usn-3850-2" + ], + "PublishedDate": "2019-05-02T17:29:00Z", + "LastModifiedDate": "2019-07-20T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-util", + "InstalledVersion": "3.36.0-1.1.el7_6", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + 
"https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.0.1.el7_6.1", + "FixedVersion": "1:1.0.2k-19.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1559", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.0.1.el7_6.1", + 
"FixedVersion": "1:1.0.2k-19.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1559.html", + "http://linux.oracle.com/errata/ELSA-2019-2471.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://www.securityfocus.com/bid/107174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/usn/usn-3899-1", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": 
"2019-02-27T23:29:00Z", + "LastModifiedDate": "2019-05-22T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python", + 
"InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + 
"https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a 
urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9948.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-06-19T02:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14647", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", + "Title": "python: Missing salt initialization in _elementtree.c module", + "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-14647.html", + "http://linux.oracle.com/errata/ELSA-2019-2030.html", + "http://www.securityfocus.com/bid/105396", + "http://www.securitytracker.com/id/1041740", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://access.redhat.com/errata/RHSA-2019:2030", + "https://bugs.python.org/issue34623", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2018-09-25T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.3.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok 
in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-5010", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-5010.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:3520", + "https://access.redhat.com/errata/RHSA-2019:3725", + "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://github.com/python/cpython/pull/11569", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-10-31T21:15:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9740", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", + "Title": "python: CRLF injection via the query part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x 
through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9740.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "http://www.securityfocus.com/bid/107466", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue36276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-13T03:29:00Z", + "LastModifiedDate": "2019-05-28T18:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9947", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-80.0.1.el7_6", + "FixedVersion": "2.7.5-86.0.1.el7", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", + "Title": "python: CRLF injection via the path part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-93" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-9947.html", + "http://linux.oracle.com/errata/ELSA-2019-3520.html", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue35906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://python-security.readthedocs.io/vuln/http-header-injection2.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-03-23T18:29:00Z", + "LastModifiedDate": "2019-05-28T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "FixedVersion": "3.7.17-8.el7_7.1", + "Layer": { + "DiffID": "sha256:4fee40bcfecff11f540de853f7f0dc71efbab8c14ea599452b617e215562e3e2" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds 
write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/oraclelinux-8-slim.json.golden b/integration/testdata/oraclelinux-8-slim.json.golden index c6347b755a..0cc1963bd6 100644 --- a/integration/testdata/oraclelinux-8-slim.json.golden +++ b/integration/testdata/oraclelinux-8-slim.json.golden 
@@ -1,1726 +1,1784 @@ -[ - { - "Target": "testdata/fixtures/images/oraclelinux-8-slim.tar.gz (oracle 8.0)", - "Class": "os-pkgs", - "Type": "oracle", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-3822", - "PkgName": "curl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3822", - "Title": "curl: NTLMv2 type-3 header stack buffer overflow", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. 
The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3822.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106950", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2019-3822.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.gentoo.org/glsa/201903-03", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://security.netapp.com/advisory/ntap-20190719-0004/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-19T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16890", - "PkgName": "curl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", - "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 is 
vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16890.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106947", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-16890.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "curl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": 
"nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3823", - "PkgName": "curl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-3823", - "Title": "curl: SMTP end-of-response out-of-bounds read", - "Description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3823.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106950", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823", - "https://curl.haxx.se/docs/CVE-2019-3823.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.gentoo.org/glsa/201903-03", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7146", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.174-6.el8", - "FixedVersion": "0.176-5.el8", - "Layer": { - "DiffID": 
"sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7146", - "Title": "elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl", - "Description": "In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7146.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:3575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24075", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24081" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.174-6.el8", - "FixedVersion": "0.176-5.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.174-6.el8", - "FixedVersion": "0.176-5.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.174-6.el8", - "FixedVersion": "0.176-5.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.174-6.el8", - "FixedVersion": "0.176-5.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.56.4-1.el8", - "FixedVersion": "2.56.4-7.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.28-42.0.1.el8_0.1", - "FixedVersion": "2.28-72.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.28-42.0.1.el8_0.1", - "FixedVersion": "2.28-72.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - 
"V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-minimal-langpack", - "InstalledVersion": "2.28-42.0.1.el8_0.1", - "FixedVersion": "2.28-72.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - 
"http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3829", - "PkgName": "gnutls", - "InstalledVersion": "3.6.5-2.el8", - "FixedVersion": "3.6.8-8.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3829", - "Title": "gnutls: use-after-free/double-free in certificate verification", - "Description": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-415", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3829.html", - "http://linux.oracle.com/errata/ELSA-2019-3600.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829", - "https://gitlab.com/gnutls/gnutls/issues/694", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/", - "https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html", - "https://security.gentoo.org/glsa/201904-14", - "https://usn.ubuntu.com/3999-1/", - "https://usn.ubuntu.com/usn/usn-3999-1", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" - ], - "PublishedDate": "2019-03-27T18:29:00Z", - "LastModifiedDate": "2019-05-30T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3836", - "PkgName": "gnutls", - "InstalledVersion": "3.6.5-2.el8", - "FixedVersion": "3.6.8-8.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3836", - "Title": "gnutls: invalid pointer access upon receiving async handshake messages", - "Description": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-824" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3836.html", - "http://linux.oracle.com/errata/ELSA-2019-3600.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836", - "https://gitlab.com/gnutls/gnutls/issues/704", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/", - "https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html", - "https://security.gentoo.org/glsa/201904-14", - "https://security.netapp.com/advisory/ntap-20190502-0005/", - "https://usn.ubuntu.com/3999-1/", - "https://usn.ubuntu.com/usn/usn-3999-1", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" - ], - "PublishedDate": "2019-04-01T15:29:00Z", - "LastModifiedDate": "2019-05-30T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14503", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-7.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14503", - "Title": "libarchive: Out-of-bounds read in lha_read_data_none", - "Description": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-14503.html", - "http://linux.oracle.com/errata/ELSA-2019-3698.html", - "https://bugs.debian.org/875960", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", - "https://github.com/libarchive/libarchive/issues/948", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html", - "https://usn.ubuntu.com/3736-1/", - "https://usn.ubuntu.com/usn/usn-3736-1", - "https://www.debian.org/security/2018/dsa-4360" - ], - 
"PublishedDate": "2017-09-17T18:29:00Z", - "LastModifiedDate": "2018-12-28T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000877", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-7.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000877", - "Title": "libarchive: Double free in RAR decoder resulting in a denial of service", - "Description": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar-\u003elzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000877.html", - "http://linux.oracle.com/errata/ELSA-2019-3698.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", - "http://www.securityfocus.com/bid/106324", - "https://access.redhat.com/errata/RHSA-2019:2298", - "https://access.redhat.com/errata/RHSA-2019:3698", - "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", - "https://github.com/libarchive/libarchive/pull/1105", - "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", - "https://usn.ubuntu.com/3859-1/", - "https://usn.ubuntu.com/usn/usn-3859-1", - "https://www.debian.org/security/2018/dsa-4360" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000878", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-7.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000878", - "Title": "libarchive: Use after free in RAR decoder resulting in a denial of service", - "Description": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. 
This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000878.html", - "http://linux.oracle.com/errata/ELSA-2019-3698.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", - "http://www.securityfocus.com/bid/106324", - "https://access.redhat.com/errata/RHSA-2019:2298", - "https://access.redhat.com/errata/RHSA-2019:3698", - "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", - "https://github.com/libarchive/libarchive/pull/1105", - "https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", - "https://usn.ubuntu.com/3859-1/", - "https://usn.ubuntu.com/usn/usn-3859-1", - "https://www.debian.org/security/2018/dsa-4360" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1000019", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-7.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1000019", - "Title": "libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service", - "Description": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1000019.html", - "http://linux.oracle.com/errata/ELSA-2019-3698.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", - "https://access.redhat.com/errata/RHSA-2019:2298", - "https://access.redhat.com/errata/RHSA-2019:3698", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019", - "https://github.com/libarchive/libarchive/pull/1120", - "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", - "https://usn.ubuntu.com/3884-1/", - "https://usn.ubuntu.com/usn/usn-3884-1" - ], - "PublishedDate": "2019-02-04T21:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1000020", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-7.el8", 
- "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1000020", - "Title": "libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service", - "Description": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1000020.html", - "http://linux.oracle.com/errata/ELSA-2019-3698.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", - "https://access.redhat.com/errata/RHSA-2019:2298", - "https://access.redhat.com/errata/RHSA-2019:3698", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020", - "https://github.com/libarchive/libarchive/pull/1120", - "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", - "https://usn.ubuntu.com/3884-1/", - "https://usn.ubuntu.com/usn/usn-3884-1" - ], - "PublishedDate": "2019-02-04T21:29:00Z", 
- "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18408", - "PkgName": "libarchive", - "InstalledVersion": "3.3.2-3.el8", - "FixedVersion": "3.3.2-8.el8_1", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18408", - "Title": "libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry", - "Description": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-18408.html", - "http://linux.oracle.com/errata/ELSA-2020-0271.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408", - "https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60", - "https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0", - "https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html", - "https://seclists.org/bugtraq/2019/Nov/2", - "https://usn.ubuntu.com/4169-1/", - "https://usn.ubuntu.com/usn/usn-4169-1", - "https://www.debian.org/security/2019/dsa-4557" - ], - "PublishedDate": "2019-10-24T14:15:00Z", - "LastModifiedDate": "2019-11-01T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3822", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - 
"SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3822", - "Title": "curl: NTLMv2 type-3 header stack buffer overflow", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3822.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106950", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2019-3822.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.gentoo.org/glsa/201903-03", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - 
"https://security.netapp.com/advisory/ntap-20190719-0004/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-19T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16890", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", - "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16890.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106947", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-16890.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's 
origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3823", - "PkgName": "libcurl", - "InstalledVersion": "7.61.1-8.el8", - "FixedVersion": "7.61.1-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3823", - "Title": "curl: SMTP end-of-response out-of-bounds read", - "Description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the 
end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3823.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106950", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823", - "https://curl.haxx.se/docs/CVE-2019-3823.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.gentoo.org/glsa/201903-03", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3817", - "PkgName": "libdnf", - "InstalledVersion": "0.22.5-5.0.2.el8", - "FixedVersion": "0.35.1-8.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", - "Title": "libcomps: use after free when merging two objmrtrees", - 
"Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3817.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", - "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", - "https://github.com/rpm-software-management/libcomps/issues/41" - ], - "PublishedDate": "2019-03-27T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:49:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20534", - "PkgName": "libdnf", - "InstalledVersion": "0.22.5-5.0.2.el8", - "FixedVersion": "0.35.1-8.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", - "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", - "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20534.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", - "https://access.redhat.com/errata/RHSA-2019:2290", - "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", - "https://bugzilla.suse.com/show_bug.cgi?id=1120631", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", - "https://github.com/openSUSE/libsolv/pull/291", - "https://usn.ubuntu.com/3916-1/", - "https://usn.ubuntu.com/usn/usn-3916-1" - ], - "PublishedDate": "2018-12-28T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3817", - "PkgName": "librepo", - "InstalledVersion": "1.9.2-1.el8", - "FixedVersion": "1.10.3-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", - "Title": "libcomps: use after free when merging two objmrtrees", - "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3817.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", - "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", - "https://github.com/rpm-software-management/libcomps/issues/41" - ], - "PublishedDate": "2019-03-27T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:49:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20534", - "PkgName": "librepo", - "InstalledVersion": "1.9.2-1.el8", - "FixedVersion": "1.10.3-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", - "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", - "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20534.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", - "https://access.redhat.com/errata/RHSA-2019:2290", - "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", - "https://bugzilla.suse.com/show_bug.cgi?id=1120631", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", - "https://github.com/openSUSE/libsolv/pull/291", - "https://usn.ubuntu.com/3916-1/", - "https://usn.ubuntu.com/usn/usn-3916-1" - ], - "PublishedDate": "2018-12-28T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3817", - "PkgName": "libsolv", - "InstalledVersion": "0.6.35-6.el8", - "FixedVersion": "0.7.4-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", - "Title": "libcomps: use after free when merging two objmrtrees", - "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3817.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", - "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", - "https://github.com/rpm-software-management/libcomps/issues/41" - ], - "PublishedDate": "2019-03-27T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:49:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20534", - "PkgName": "libsolv", - "InstalledVersion": "0.6.35-6.el8", - "FixedVersion": "0.7.4-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", - "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", - "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20534.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", - "https://access.redhat.com/errata/RHSA-2019:2290", - "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", - "https://bugzilla.suse.com/show_bug.cgi?id=1120631", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", - "https://github.com/openSUSE/libsolv/pull/291", - "https://usn.ubuntu.com/3916-1/", - "https://usn.ubuntu.com/usn/usn-3916-1" - ], - "PublishedDate": "2018-12-28T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6706", - "PkgName": "lua-libs", - "InstalledVersion": "5.3.4-10.el8", - "FixedVersion": "5.3.4-11.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6706", - "Title": "lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service", - "Description": "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. 
For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6706.html", - "http://linux.oracle.com/errata/ELSA-2019-3706.html", - "http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html", - "http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html", - "https://access.redhat.com/errata/RHSA-2019:3706", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706", - "https://usn.ubuntu.com/3941-1/", - "https://usn.ubuntu.com/usn/usn-3941-1", - "https://www.exploit-db.com/exploits/46246/" - ], - "PublishedDate": "2019-01-23T19:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3817", - "PkgName": "microdnf", - "InstalledVersion": "3.0.1-1.el8", - "FixedVersion": "3.0.1-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", - "Title": "libcomps: use after free when merging two objmrtrees", - "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3817.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", - "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", - "https://github.com/rpm-software-management/libcomps/issues/41" - ], - "PublishedDate": "2019-03-27T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:49:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20534", - "PkgName": "microdnf", - "InstalledVersion": "3.0.1-1.el8", - "FixedVersion": "3.0.1-3.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", - "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", - "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20534.html", - "http://linux.oracle.com/errata/ELSA-2019-3583.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", - "https://access.redhat.com/errata/RHSA-2019:2290", - "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", - "https://bugzilla.suse.com/show_bug.cgi?id=1120631", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", - "https://github.com/openSUSE/libsolv/pull/291", - "https://usn.ubuntu.com/3916-1/", - "https://usn.ubuntu.com/usn/usn-3916-1" - ], - "PublishedDate": "2018-12-28T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1543", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.1.1-8.0.1.el8", - "FixedVersion": "1:1.1.1c-2.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1543", - "Title": "openssl: ChaCha20-Poly1305 with long nonces", - "Description": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. 
Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). 
Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 5.8, - "V3Score": 7.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-1543.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f426625b6ae9a7831010750490a5f0ad689c5ba3", - "https://www.openssl.org/news/secadv/20190306.txt" - ], - "PublishedDate": "2019-03-06T21:29:00Z", - "LastModifiedDate": "2019-06-03T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.1.1-8.0.1.el8", - "FixedVersion": "1:1.1.1c-2.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.1.1-8.0.1.el8", - 
"FixedVersion": "1:1.1.1c-2.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": "openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.26.0-3.el8", - "FixedVersion": "3.26.0-4.el8_1", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "systemd-libs", - "InstalledVersion": "239-13.0.1.el8_0.5", - "FixedVersion": "239-18.0.2.el8_1.4", - "Layer": { - "DiffID": 
"sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "HIGH", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "oracle", + "Name": "8.0" + }, + "ImageID": "sha256:73f821d86dfb84de2f3371288b1c28ff9f78913f7f61bf60eb652fafab548ea3", + "DiffIDs": [ + "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + ], + "ImageConfig": { + "architecture": "amd64", + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "container": "c00a901742ec3d7be814b0a90a11eb41c332c8ed5c9f49035af0e97c2a4b1114", + "created": "2019-10-15T21:23:40.950042801Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2018-08-30T21:49:27.028879762Z", + "created_by": "/bin/sh -c #(nop) MAINTAINER Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "empty_layer": true + }, + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": 
"2019-10-15T21:23:40.753460369Z", + "created_by": "/bin/sh -c #(nop) ADD file:4d6968487994b1c559af3fbb14644e32f15bf8c154b4db9209d05b434f691776 in / " + }, + { + "author": "Oracle Linux Product Team \u003col-ovm-info_ww@oracle.com\u003e", + "created": "2019-10-15T21:23:40.950042801Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" ] }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "systemd-libs", - "InstalledVersion": "239-13.0.1.el8_0.5", - "FixedVersion": "239-18.0.1.el8", - "Layer": { - "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" + "Image": "sha256:966f5e6fbcc4915f120935883ccc882ae0271e00917a2955cae3cca10fc899b9", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/oraclelinux-8-slim.tar.gz (oracle 8.0)", + "Class": "os-pkgs", + "Type": "oracle", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-3822", + "PkgName": "curl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": 
"sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3822", + "Title": "curl: NTLMv2 type-3 header stack buffer overflow", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3822.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106950", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2019-3822.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.gentoo.org/glsa/201903-03", + 
"https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://security.netapp.com/advisory/ntap-20190719-0004/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-19T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16890", + "PkgName": "curl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", + "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16890.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106947", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-16890.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "curl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's 
origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3823", + "PkgName": "curl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3823", + "Title": "curl: SMTP end-of-response out-of-bounds read", + "Description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the 
end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3823.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106950", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823", + "https://curl.haxx.se/docs/CVE-2019-3823.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.gentoo.org/glsa/201903-03", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7146", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.174-6.el8", + "FixedVersion": "0.176-5.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7146", + "Title": "elfutils: buffer over-read in the ebl_object_note function in 
eblobjnote.c in libebl", + "Description": "In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7146.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:3575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24075", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24081" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7149", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.174-6.el8", + "FixedVersion": "0.176-5.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", + "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", + "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7149.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7150", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.174-6.el8", + "FixedVersion": "0.176-5.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", + "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", + "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7150.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-01-29T00:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7664", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.174-6.el8", + "FixedVersion": "0.176-5.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", + "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", + "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7664.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://access.redhat.com/errata/RHSA-2019:2197", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7665", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.174-6.el8", + "FixedVersion": "0.176-5.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", + "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", + "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-7665.html", + "http://linux.oracle.com/errata/ELSA-2019-3575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", + "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", + "https://usn.ubuntu.com/4012-1/", + "https://usn.ubuntu.com/usn/usn-4012-1" + ], + "PublishedDate": "2019-02-09T16:29:00Z", + "LastModifiedDate": "2019-06-10T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12450", + "PkgName": "glib2", + "InstalledVersion": "2.56.4-1.el8", + "FixedVersion": "2.56.4-7.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", + "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", + "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12450.html", + "http://linux.oracle.com/errata/ELSA-2019-3530.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", + "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", + "https://security.netapp.com/advisory/ntap-20190606-0003/", + "https://usn.ubuntu.com/4014-1/", + "https://usn.ubuntu.com/4014-2/", + "https://usn.ubuntu.com/usn/usn-4014-1", + "https://usn.ubuntu.com/usn/usn-4014-2" + ], + "PublishedDate": "2019-05-29T17:29:00Z", + "LastModifiedDate": "2019-06-11T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc", + "InstalledVersion": "2.28-42.0.1.el8_0.1", + "FixedVersion": "2.28-72.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + 
"Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-common", + "InstalledVersion": "2.28-42.0.1.el8_0.1", + "FixedVersion": "2.28-72.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + 
"V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "glibc-minimal-langpack", + "InstalledVersion": "2.28-42.0.1.el8_0.1", + "FixedVersion": "2.28-72.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + 
"http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3829", + "PkgName": "gnutls", + "InstalledVersion": "3.6.5-2.el8", + "FixedVersion": "3.6.8-8.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3829", + "Title": "gnutls: use-after-free/double-free in certificate verification", + "Description": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3829.html", + "http://linux.oracle.com/errata/ELSA-2019-3600.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829", + "https://gitlab.com/gnutls/gnutls/issues/694", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/", + "https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html", + "https://security.gentoo.org/glsa/201904-14", + "https://usn.ubuntu.com/3999-1/", + "https://usn.ubuntu.com/usn/usn-3999-1", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" + ], + "PublishedDate": "2019-03-27T18:29:00Z", + "LastModifiedDate": "2019-05-30T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3836", + "PkgName": "gnutls", + "InstalledVersion": "3.6.5-2.el8", + "FixedVersion": "3.6.8-8.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3836", + "Title": "gnutls: invalid pointer access upon receiving async handshake messages", + "Description": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-824" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3836.html", + "http://linux.oracle.com/errata/ELSA-2019-3600.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836", + "https://gitlab.com/gnutls/gnutls/issues/704", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/", + "https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html", + "https://security.gentoo.org/glsa/201904-14", + "https://security.netapp.com/advisory/ntap-20190502-0005/", + "https://usn.ubuntu.com/3999-1/", + "https://usn.ubuntu.com/usn/usn-3999-1", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" + ], + "PublishedDate": "2019-04-01T15:29:00Z", + "LastModifiedDate": "2019-05-30T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14503", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-7.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14503", + "Title": "libarchive: Out-of-bounds read in lha_read_data_none", + "Description": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-14503.html", + "http://linux.oracle.com/errata/ELSA-2019-3698.html", + "https://bugs.debian.org/875960", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", + "https://github.com/libarchive/libarchive/issues/948", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html", + "https://usn.ubuntu.com/3736-1/", + "https://usn.ubuntu.com/usn/usn-3736-1", + "https://www.debian.org/security/2018/dsa-4360" + ], + 
"PublishedDate": "2017-09-17T18:29:00Z", + "LastModifiedDate": "2018-12-28T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000877", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-7.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000877", + "Title": "libarchive: Double free in RAR decoder resulting in a denial of service", + "Description": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar-\u003elzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000877.html", + "http://linux.oracle.com/errata/ELSA-2019-3698.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", + "http://www.securityfocus.com/bid/106324", + "https://access.redhat.com/errata/RHSA-2019:2298", + "https://access.redhat.com/errata/RHSA-2019:3698", + "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", + "https://github.com/libarchive/libarchive/pull/1105", + "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", + "https://usn.ubuntu.com/3859-1/", + "https://usn.ubuntu.com/usn/usn-3859-1", + "https://www.debian.org/security/2018/dsa-4360" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000878", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-7.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000878", + "Title": "libarchive: Use after free in RAR decoder resulting in a denial of service", + "Description": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. 
This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-1000878.html", + "http://linux.oracle.com/errata/ELSA-2019-3698.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", + "http://www.securityfocus.com/bid/106324", + "https://access.redhat.com/errata/RHSA-2019:2298", + "https://access.redhat.com/errata/RHSA-2019:3698", + "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", + "https://github.com/libarchive/libarchive/pull/1105", + "https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", + "https://usn.ubuntu.com/3859-1/", + "https://usn.ubuntu.com/usn/usn-3859-1", + "https://www.debian.org/security/2018/dsa-4360" + ], + "PublishedDate": "2018-12-20T17:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1000019", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-7.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1000019", + "Title": "libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service", + "Description": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1000019.html", + "http://linux.oracle.com/errata/ELSA-2019-3698.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", + "https://access.redhat.com/errata/RHSA-2019:2298", + "https://access.redhat.com/errata/RHSA-2019:3698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019", + "https://github.com/libarchive/libarchive/pull/1120", + "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", + "https://usn.ubuntu.com/3884-1/", + "https://usn.ubuntu.com/usn/usn-3884-1" + ], + "PublishedDate": "2019-02-04T21:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1000020", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-7.el8", 
+ "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1000020", + "Title": "libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service", + "Description": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1000020.html", + "http://linux.oracle.com/errata/ELSA-2019-3698.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html", + "https://access.redhat.com/errata/RHSA-2019:2298", + "https://access.redhat.com/errata/RHSA-2019:3698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020", + "https://github.com/libarchive/libarchive/pull/1120", + "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/", + "https://usn.ubuntu.com/3884-1/", + "https://usn.ubuntu.com/usn/usn-3884-1" + ], + "PublishedDate": "2019-02-04T21:29:00Z", 
+ "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18408", + "PkgName": "libarchive", + "InstalledVersion": "3.3.2-3.el8", + "FixedVersion": "3.3.2-8.el8_1", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18408", + "Title": "libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry", + "Description": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-18408.html", + "http://linux.oracle.com/errata/ELSA-2020-0271.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408", + "https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60", + "https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0", + "https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html", + "https://seclists.org/bugtraq/2019/Nov/2", + "https://usn.ubuntu.com/4169-1/", + "https://usn.ubuntu.com/usn/usn-4169-1", + "https://www.debian.org/security/2019/dsa-4557" + ], + "PublishedDate": "2019-10-24T14:15:00Z", + "LastModifiedDate": "2019-11-01T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3822", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + 
"SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3822", + "Title": "curl: NTLMv2 type-3 header stack buffer overflow", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3822.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106950", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2019-3822.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.gentoo.org/glsa/201903-03", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + 
"https://security.netapp.com/advisory/ntap-20190719-0004/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-19T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16890", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", + "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16890.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106947", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-16890.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's 
origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3823", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-8.el8", + "FixedVersion": "7.61.1-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3823", + "Title": "curl: SMTP end-of-response out-of-bounds read", + "Description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the 
end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3823.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106950", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823", + "https://curl.haxx.se/docs/CVE-2019-3823.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.gentoo.org/glsa/201903-03", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3817", + "PkgName": "libdnf", + "InstalledVersion": "0.22.5-5.0.2.el8", + "FixedVersion": "0.35.1-8.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", + "Title": "libcomps: use after free when merging two objmrtrees", + 
"Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3817.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "https://github.com/rpm-software-management/libcomps/issues/41" + ], + "PublishedDate": "2019-03-27T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:49:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20534", + "PkgName": "libdnf", + "InstalledVersion": "0.22.5-5.0.2.el8", + "FixedVersion": "0.35.1-8.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", + "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", + "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20534.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", + "https://access.redhat.com/errata/RHSA-2019:2290", + "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", + "https://bugzilla.suse.com/show_bug.cgi?id=1120631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", + "https://github.com/openSUSE/libsolv/pull/291", + "https://usn.ubuntu.com/3916-1/", + "https://usn.ubuntu.com/usn/usn-3916-1" + ], + "PublishedDate": "2018-12-28T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3817", + "PkgName": "librepo", + "InstalledVersion": "1.9.2-1.el8", + "FixedVersion": "1.10.3-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", + "Title": "libcomps: use after free when merging two objmrtrees", + "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3817.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "https://github.com/rpm-software-management/libcomps/issues/41" + ], + "PublishedDate": "2019-03-27T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:49:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20534", + "PkgName": "librepo", + "InstalledVersion": "1.9.2-1.el8", + "FixedVersion": "1.10.3-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", + "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", + "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20534.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", + "https://access.redhat.com/errata/RHSA-2019:2290", + "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", + "https://bugzilla.suse.com/show_bug.cgi?id=1120631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", + "https://github.com/openSUSE/libsolv/pull/291", + "https://usn.ubuntu.com/3916-1/", + "https://usn.ubuntu.com/usn/usn-3916-1" + ], + "PublishedDate": "2018-12-28T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3817", + "PkgName": "libsolv", + "InstalledVersion": "0.6.35-6.el8", + "FixedVersion": "0.7.4-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", + "Title": "libcomps: use after free when merging two objmrtrees", + "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3817.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "https://github.com/rpm-software-management/libcomps/issues/41" + ], + "PublishedDate": "2019-03-27T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:49:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20534", + "PkgName": "libsolv", + "InstalledVersion": "0.6.35-6.el8", + "FixedVersion": "0.7.4-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", + "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", + "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20534.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", + "https://access.redhat.com/errata/RHSA-2019:2290", + "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", + "https://bugzilla.suse.com/show_bug.cgi?id=1120631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", + "https://github.com/openSUSE/libsolv/pull/291", + "https://usn.ubuntu.com/3916-1/", + "https://usn.ubuntu.com/usn/usn-3916-1" + ], + "PublishedDate": "2018-12-28T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-6706", + "PkgName": "lua-libs", + "InstalledVersion": "5.3.4-10.el8", + "FixedVersion": "5.3.4-11.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6706", + "Title": "lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service", + "Description": "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. 
For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-6706.html", + "http://linux.oracle.com/errata/ELSA-2019-3706.html", + "http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html", + "http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html", + "https://access.redhat.com/errata/RHSA-2019:3706", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706", + "https://usn.ubuntu.com/3941-1/", + "https://usn.ubuntu.com/usn/usn-3941-1", + "https://www.exploit-db.com/exploits/46246/" + ], + "PublishedDate": "2019-01-23T19:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3817", + "PkgName": "microdnf", + "InstalledVersion": "3.0.1-1.el8", + "FixedVersion": "3.0.1-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3817", + "Title": "libcomps: use after free when merging two objmrtrees", + "Description": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. 
An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-3817.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "https://github.com/rpm-software-management/libcomps/issues/41" + ], + "PublishedDate": "2019-03-27T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:49:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20534", + "PkgName": "microdnf", + "InstalledVersion": "3.0.1-1.el8", + "FixedVersion": "3.0.1-3.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20534", + "Title": "libsolv: illegal address access in pool_whatprovides in src/pool.h", + "Description": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. 
It cannot be exploited in any real-world application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20534.html", + "http://linux.oracle.com/errata/ELSA-2019-3583.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html", + "https://access.redhat.com/errata/RHSA-2019:2290", + "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", + "https://bugzilla.suse.com/show_bug.cgi?id=1120631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534", + "https://github.com/openSUSE/libsolv/pull/291", + "https://usn.ubuntu.com/3916-1/", + "https://usn.ubuntu.com/usn/usn-3916-1" + ], + "PublishedDate": "2018-12-28T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1543", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.1.1-8.0.1.el8", + "FixedVersion": "1:1.1.1c-2.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1543", + "Title": "openssl: ChaCha20-Poly1305 with long nonces", + "Description": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. 
Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). 
Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 5.8, + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-1543.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f426625b6ae9a7831010750490a5f0ad689c5ba3", + "https://www.openssl.org/news/secadv/20190306.txt" + ], + "PublishedDate": "2019-03-06T21:29:00Z", + "LastModifiedDate": "2019-06-03T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0734", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.1.1-8.0.1.el8", + "FixedVersion": "1:1.1.1c-2.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", + "Title": "openssl: timing side channel attack in the DSA signature algorithm", + "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0734.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://www.securityfocus.com/bid/105758", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://security.netapp.com/advisory/ntap-20190118-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.debian.org/security/2018/dsa-4355", + "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.tenable.com/security/tns-2018-16", + "https://www.tenable.com/security/tns-2018-17" + ], + "PublishedDate": "2018-10-30T12:29:00Z", + "LastModifiedDate": "2019-06-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0735", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.1.1-8.0.1.el8", + 
"FixedVersion": "1:1.1.1c-2.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", + "Title": "openssl: timing side channel attack in the ECDSA signature generation", + "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0735.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://www.securityfocus.com/bid/105750", + "http://www.securitytracker.com/id/1041986", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.openssl.org/news/secadv/20181029.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2018-10-29T13:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.26.0-3.el8", + "FixedVersion": "3.26.0-4.el8_1", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "systemd-libs", + "InstalledVersion": "239-13.0.1.el8_0.5", + "FixedVersion": "239-18.0.2.el8_1.4", + "Layer": { + "DiffID": 
"sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "HIGH", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "systemd-libs", + "InstalledVersion": "239-13.0.1.el8_0.5", + "FixedVersion": "239-18.0.1.el8", + "Layer": { + "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/photon-10.json.golden b/integration/testdata/photon-10.json.golden index 294b4e2603..efc1e84dba 100644 --- a/integration/testdata/photon-10.json.golden +++ b/integration/testdata/photon-10.json.golden 
@@ -1,767 +1,826 @@ -[ - { - "Target": "testdata/fixtures/images/photon-10.tar.gz (photon 1.0)", - "Class": "os-pkgs", - "Type": "photon", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.3.48-3.ph1", - "FixedVersion": "4.3.48-5.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/photon-10.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "photon", + "Name": "1.0" + }, + "ImageID": "sha256:91bae7d50a3697560a26c74d1ea2c89f93994d6cc820b0c45930b889ec8205e2", + "DiffIDs": [ + "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "19c0561fb4fdbf192cf1c53382ed623d9df34ef12f3d6fceebc094a14cf0fbb3", + "created": "2019-08-23T22:27:03.861643679Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-23T22:27:03.414237479Z", + "created_by": "/bin/sh -c #(nop) ADD file:f328b305cd347d88e1f2f11847075e42c746b557c465a93d468d7c20a9fdafa8 in / " }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } + { + "created": "2019-08-23T22:27:03.705737675Z", + "created_by": "/bin/sh -c #(nop) LABEL name=Photon OS 1.0 Base Image vendor=VMware build-date=20190823", + "empty_layer": true }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" + { + "created": "2019-08-23T22:27:03.861643679Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + ] }, - { - "VulnerabilityID": "CVE-2012-6711", - "PkgName": "bash", - "InstalledVersion": "4.3.48-3.ph1", - "FixedVersion": "4.3.48-4.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", - "Title": "bash: heap-based buffer overflow during echo of unsupported characters", - "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. 
A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", - "http://www.securityfocus.com/bid/108824", - "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-06-18T18:15:00Z", - "LastModifiedDate": "2019-06-20T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl", - "InstalledVersion": "7.59.0-8.ph1", - "FixedVersion": "7.59.0-9.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + "Image": "sha256:dfa479c1cd7faef668c299b52fbc775f4df904a392ccbc0d374bf52e4fa2e5be", + "Labels": { + "build-date": "20190823", + "name": "Photon OS 1.0 Base Image", + "vendor": "VMware" }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - 
"V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.59.0-8.ph1", - "FixedVersion": "7.59.0-9.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18218", - "PkgName": "file", - "InstalledVersion": "5.24-3.ph1", - "FixedVersion": "5.24-4.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", - "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", - "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", - "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", - "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", - "https://usn.ubuntu.com/4172-1/", - "https://usn.ubuntu.com/4172-2/", - "https://usn.ubuntu.com/usn/usn-4172-1", - "https://usn.ubuntu.com/usn/usn-4172-2", - "https://www.debian.org/security/2019/dsa-4550" - ], - "PublishedDate": "2019-10-21T05:15:00Z", 
- "LastModifiedDate": "2019-10-26T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20387", - "PkgName": "libsolv", - "InstalledVersion": "0.6.19-6.ph1", - "FixedVersion": "0.6.19-7.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", - "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", - "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", - "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", - "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", - "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", - "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" - ], - "PublishedDate": "2020-01-21T23:15:00Z", - "LastModifiedDate": "2020-01-30T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.9.0-1.ph1", - "FixedVersion": "1.9.0-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary 
(out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph1", - "FixedVersion": "1.0.2t-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - 
"PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph1", - "FixedVersion": "1.0.2u-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph1", - "FixedVersion": "1.0.2t-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19317", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19317", - "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column", - "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other 
impact.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8", - "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-05T14:15:00Z", - "LastModifiedDate": "2020-01-07T21:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "CRITICAL", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19646", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - 
}, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19646", - "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns", - "Description": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-754" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3", - "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], 
- "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.31.1-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "HIGH", - 
"CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19923", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.31.1-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", - "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", - "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. 
This can cause a NULL pointer dereference (or incorrect results).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", - "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19925", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.31.1-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19925", - "Title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", - "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-434" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925", - "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T17:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19926", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.31.1-1.ph1", - "Layer": { - "DiffID": 
"sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", - "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", - "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", - "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-23T01:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19959", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.31.1-1.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", - "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", - "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", - "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", - "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", - "https://security.netapp.com/advisory/ntap-20200204-0001/" - ], - "PublishedDate": "2020-01-03T22:15:00Z", - "LastModifiedDate": "2020-02-04T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite-autoconf", - "InstalledVersion": "3.27.2-3.ph1", - "FixedVersion": "3.30.1-2.ph1", - "Layer": { - "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/photon-10.tar.gz (photon 1.0)", + "Class": "os-pkgs", + "Type": "photon", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.3.48-3.ph1", + "FixedVersion": 
"4.3.48-5.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6711", + "PkgName": "bash", + "InstalledVersion": "4.3.48-3.ph1", + "FixedVersion": "4.3.48-4.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", + "Title": "bash: heap-based buffer overflow during 
echo of unsupported characters", + "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", + "http://www.securityfocus.com/bid/108824", + "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" + ], + "PublishedDate": "2019-06-18T18:15:00Z", + "LastModifiedDate": "2019-06-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.59.0-8.ph1", + "FixedVersion": "7.59.0-9.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.59.0-8.ph1", + "FixedVersion": "7.59.0-9.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + 
"https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18218", + "PkgName": "file", + "InstalledVersion": "5.24-3.ph1", + "FixedVersion": "5.24-4.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18218", + "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c", + "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218", + "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", + "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/", + "https://usn.ubuntu.com/4172-1/", + "https://usn.ubuntu.com/4172-2/", + "https://usn.ubuntu.com/usn/usn-4172-1", + "https://usn.ubuntu.com/usn/usn-4172-2", + "https://www.debian.org/security/2019/dsa-4550" + ], + "PublishedDate": "2019-10-21T05:15:00Z", + "LastModifiedDate": "2019-10-26T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20387", + "PkgName": "libsolv", + 
"InstalledVersion": "0.6.19-6.ph1", + "FixedVersion": "0.6.19-7.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", + "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", + "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", + "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", + "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", + "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", + "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" + ], + "PublishedDate": "2020-01-21T23:15:00Z", + "LastModifiedDate": "2020-01-30T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17498", + "PkgName": "libssh2", + "InstalledVersion": "1.9.0-1.ph1", + "FixedVersion": "1.9.0-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", + "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", + "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", + "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", + "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", + "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", + "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", + "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" + ], + "PublishedDate": "2019-10-21T22:15:00Z", + "LastModifiedDate": "2019-11-07T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph1", + "FixedVersion": "1.0.2t-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph1", + "FixedVersion": "1.0.2u-1.ph1", + "Layer": { + "DiffID": 
"sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": 
"2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph1", + "FixedVersion": "1.0.2t-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19317", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19317", + "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column", + "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8", + "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-05T14:15:00Z", + "LastModifiedDate": "2020-01-07T21:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19603", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", + "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", + "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", + "Severity": "CRITICAL", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", + "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2020-02-03T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19646", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19646", + "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns", + "Description": "pragma.c in SQLite through 3.30.1 
mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-754" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3", + "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20218", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", + "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", + "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", + "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" + ], + "PublishedDate": "2020-01-02T14:16:00Z", + "LastModifiedDate": "2020-01-16T20:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19244", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.31.1-1.ph1", + "Layer": { + "DiffID": 
"sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", + "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", + "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", + "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-11-25T20:15:00Z", + "LastModifiedDate": "2019-12-04T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19880", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", + "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", + "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", + "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", + "https://security.netapp.com/advisory/ntap-20200114-0001/" + ], + "PublishedDate": "2019-12-18T06:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19923", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.31.1-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", + "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", + "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", + "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19925", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.31.1-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19925", + "Title": "sqlite: zipfileUpdate in 
ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", + "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-434" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925", + "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T17:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19926", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.31.1-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", + "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", + "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", + "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-23T01:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19959", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.31.1-1.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", + "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", + "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", + "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", + "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", + "https://security.netapp.com/advisory/ntap-20200204-0001/" + ], + "PublishedDate": "2020-01-03T22:15:00Z", + "LastModifiedDate": "2020-02-04T12:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-19645", + "PkgName": "sqlite-autoconf", + "InstalledVersion": "3.27.2-3.ph1", + "FixedVersion": "3.30.1-2.ph1", + "Layer": { + "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", + "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", + "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", + "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-09T16:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/photon-20.json.golden b/integration/testdata/photon-20.json.golden index a47e432b44..288725e075 100644 --- a/integration/testdata/photon-20.json.golden +++ b/integration/testdata/photon-20.json.golden 
@@ -1,1096 +1,1155 @@ -[ - { - "Target": "testdata/fixtures/images/photon-20.tar.gz (photon 2.0)", - "Class": "os-pkgs", - "Type": "photon", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.4.12-3.ph2", - "FixedVersion": "4.4.18-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/photon-20.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "photon", + "Name": "2.0" + }, + "ImageID": "sha256:15bd3cb464a2746dfbb6c942022c7c666c349c0579ecc39bf7b7abae40bc18b7", + "DiffIDs": [ + "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "fb859bb7c6f1a32b3c75be0d746f4c9fa2ad7c3072c903e90d220261a7abf240", + "created": "2019-07-27T00:22:18.482655014Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-07-27T00:22:18.156548541Z", + "created_by": "/bin/sh -c #(nop) ADD file:ac5bd1051be53ef75116a4924e67f767ca29def6fb6b15405715f4b4ad3e039d in / " }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } + { + "created": "2019-07-27T00:22:18.307713726Z", + "created_by": "/bin/sh -c #(nop) LABEL name=Photon OS 2.0 Base Image vendor=VMware build-date=20190726", + "empty_layer": true }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" + { + "created": "2019-07-27T00:22:18.482655014Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + ] }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-9.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-9.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + "Image": "sha256:f1ee8270ca15b34f868cc35b469cc95f83e712d5f5bf8b46d108928acf3aa05b", + "Labels": { + "build-date": "20190726", + "name": "Photon OS 2.0 Base Image", + "vendor": "VMware" }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16890", - "PkgName": "curl", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-8.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", - "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16890.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106947", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-16890.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl-libs", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-9.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - 
"Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl-libs", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-9.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16890", - "PkgName": "curl-libs", - "InstalledVersion": "7.59.0-7.ph2", - "FixedVersion": "7.59.0-8.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", - "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", - "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16890.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106947", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-16890.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", - "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190315-0001/", - "https://usn.ubuntu.com/3882-1/", - "https://usn.ubuntu.com/usn/usn-3882-1", - "https://www.debian.org/security/2019/dsa-4386", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2019-02-06T20:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs-libs", - "InstalledVersion": "1.43.4-2.ph2", - "FixedVersion": "1.43.4-3.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota 
file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs-libs", - "InstalledVersion": "1.43.4-2.ph2", - "FixedVersion": "1.43.4-4.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20843", - "PkgName": "expat-libs", - "InstalledVersion": "2.2.4-1.ph2", - "FixedVersion": "2.2.4-2.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", - "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", - "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", - "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", - "https://github.com/libexpat/libexpat/issues/186", - "https://github.com/libexpat/libexpat/pull/262", - "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", - "https://seclists.org/bugtraq/2019/Jun/39", - "https://security.netapp.com/advisory/ntap-20190703-0001/", - "https://usn.ubuntu.com/4040-1/", - "https://usn.ubuntu.com/4040-2/", - "https://usn.ubuntu.com/usn/usn-4040-1", - "https://usn.ubuntu.com/usn/usn-4040-2", - "https://www.debian.org/security/2019/dsa-4472" - ], - "PublishedDate": "2019-06-24T17:15:00Z", - "LastModifiedDate": "2019-06-26T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20387", - "PkgName": "libsolv", - "InstalledVersion": "0.6.26-4.ph2", - "FixedVersion": "0.6.26-5.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", - "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", - "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", - 
"https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", - "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", - "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", - "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" - ], - "PublishedDate": "2020-01-21T23:15:00Z", - "LastModifiedDate": "2020-01-30T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13115", - "PkgName": "libssh2", - "InstalledVersion": "1.8.2-1.ph2", - "FixedVersion": "1.9.0-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", - "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", - "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. 
This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "V2Score": 5.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://blog.semmle.com/libssh2-integer-overflow/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", - "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", - "https://github.com/libssh2/libssh2/pull/350", - "https://libssh2.org/changes.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" - ], - "PublishedDate": "2019-07-16T18:15:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.8.2-1.ph2", - "FixedVersion": "1.9.0-2.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-14.ph2", - "FixedVersion": "6.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-libs", - "InstalledVersion": "6.0-14.ph2", - "FixedVersion": "6.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": 
"CVE-2019-1547", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph2", - "FixedVersion": "1.0.2t-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph2", - "FixedVersion": "1.0.2t-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19317", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.27.2-7.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19317", - "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column", - "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.", - 
"Severity": "CRITICAL", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8", - "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-05T14:15:00Z", - "LastModifiedDate": "2020-01-07T21:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.27.2-7.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "CRITICAL", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19646", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.27.2-7.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - 
"SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19646", - "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns", - "Description": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-754" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3", - "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.30.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - 
"PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16168", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.27.2-5.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", - "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", - "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", - "Severity": "HIGH", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", - "https://security.netapp.com/advisory/ntap-20190926-0003/", - "https://security.netapp.com/advisory/ntap-20200122-0003/", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" - ], - "PublishedDate": "2019-09-09T17:15:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - 
"PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.31.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.30.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19923", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.31.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", - "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", - "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. 
This can cause a NULL pointer dereference (or incorrect results).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", - "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19925", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.31.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19925", - "Title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", - "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-434" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925", - "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T17:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19926", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.31.1-1.ph2", - "Layer": { - "DiffID": 
"sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", - "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", - "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", - "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-23T01:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19959", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.31.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", - "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", - "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", - "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", - "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", - "https://security.netapp.com/advisory/ntap-20200204-0001/" - ], - "PublishedDate": "2020-01-03T22:15:00Z", - "LastModifiedDate": "2020-02-04T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph2", - "FixedVersion": "3.30.1-1.ph2", - "Layer": { - "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/photon-20.tar.gz (photon 2.0)", + "Class": "os-pkgs", + "Type": "photon", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.4.12-3.ph2", + "FixedVersion": 
"4.4.18-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-9.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of 
realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-9.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + 
"https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16890", + "PkgName": "curl", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-8.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", + "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16890.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106947", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-16890.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl-libs", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-9.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + 
"Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl-libs", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-9.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16890", + "PkgName": "curl-libs", + "InstalledVersion": "7.59.0-7.ph2", + "FixedVersion": "7.59.0-8.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16890", + "Title": "curl: NTLM type-2 heap out-of-bounds buffer read", + "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16890.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106947", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", + "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", + "https://curl.haxx.se/docs/CVE-2018-16890.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", + "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190315-0001/", + "https://usn.ubuntu.com/3882-1/", + "https://usn.ubuntu.com/usn/usn-3882-1", + "https://www.debian.org/security/2019/dsa-4386", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2019-02-06T20:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs-libs", + "InstalledVersion": "1.43.4-2.ph2", + "FixedVersion": "1.43.4-3.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota 
file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs-libs", + "InstalledVersion": "1.43.4-2.ph2", + "FixedVersion": "1.43.4-4.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20843", + "PkgName": "expat-libs", + "InstalledVersion": "2.2.4-1.ph2", + "FixedVersion": "2.2.4-2.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", + "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", + "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", + "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", + "https://github.com/libexpat/libexpat/issues/186", + "https://github.com/libexpat/libexpat/pull/262", + "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", + "https://seclists.org/bugtraq/2019/Jun/39", + "https://security.netapp.com/advisory/ntap-20190703-0001/", + "https://usn.ubuntu.com/4040-1/", + "https://usn.ubuntu.com/4040-2/", + "https://usn.ubuntu.com/usn/usn-4040-1", + "https://usn.ubuntu.com/usn/usn-4040-2", + "https://www.debian.org/security/2019/dsa-4472" + ], + "PublishedDate": "2019-06-24T17:15:00Z", + "LastModifiedDate": "2019-06-26T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20387", + "PkgName": "libsolv", + "InstalledVersion": "0.6.26-4.ph2", + "FixedVersion": "0.6.26-5.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", + "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", + "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", + 
"https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", + "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", + "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", + "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" + ], + "PublishedDate": "2020-01-21T23:15:00Z", + "LastModifiedDate": "2020-01-30T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13115", + "PkgName": "libssh2", + "InstalledVersion": "1.8.2-1.ph2", + "FixedVersion": "1.9.0-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", + "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", + "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. 
This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://blog.semmle.com/libssh2-integer-overflow/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", + "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", + "https://github.com/libssh2/libssh2/pull/350", + "https://libssh2.org/changes.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" + ], + "PublishedDate": "2019-07-16T18:15:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17498", + "PkgName": "libssh2", + "InstalledVersion": "1.8.2-1.ph2", + "FixedVersion": "1.9.0-2.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", + "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", + "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", + "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", + "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", + "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", + "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", + "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" + ], + "PublishedDate": "2019-10-21T22:15:00Z", + "LastModifiedDate": "2019-11-07T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-14.ph2", + "FixedVersion": "6.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-14.ph2", + "FixedVersion": "6.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": 
"CVE-2019-1547", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph2", + "FixedVersion": "1.0.2t-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph2", + "FixedVersion": "1.0.2t-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19317", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.27.2-7.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19317", + "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column", + "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.", + 
"Severity": "CRITICAL", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8", + "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-05T14:15:00Z", + "LastModifiedDate": "2020-01-07T21:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19603", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.27.2-7.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", + "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", + "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", + "Severity": "CRITICAL", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", + "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2020-02-03T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19646", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.27.2-7.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + 
"SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19646", + "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns", + "Description": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-754" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3", + "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20218", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.30.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", + "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", + "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", + "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" + ], + 
"PublishedDate": "2020-01-02T14:16:00Z", + "LastModifiedDate": "2020-01-16T20:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16168", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.27.2-5.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", + "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", + "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", + "https://security.netapp.com/advisory/ntap-20190926-0003/", + "https://security.netapp.com/advisory/ntap-20200122-0003/", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + ], + "PublishedDate": "2019-09-09T17:15:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19244", + 
"PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.31.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", + "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", + "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", + "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-11-25T20:15:00Z", + "LastModifiedDate": "2019-12-04T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19880", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.30.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", + "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", + "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", + "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", + "https://security.netapp.com/advisory/ntap-20200114-0001/" + ], + "PublishedDate": "2019-12-18T06:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19923", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.31.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", + "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", + "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. 
This can cause a NULL pointer dereference (or incorrect results).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", + "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19925", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.31.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19925", + "Title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", + "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-434" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925", + "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T17:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19926", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.31.1-1.ph2", + "Layer": { + "DiffID": 
"sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", + "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", + "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", + "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-23T01:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19959", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.31.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", + "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", + "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + 
"References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", + "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", + "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", + "https://security.netapp.com/advisory/ntap-20200204-0001/" + ], + "PublishedDate": "2020-01-03T22:15:00Z", + "LastModifiedDate": "2020-02-04T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19645", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph2", + "FixedVersion": "3.30.1-1.ph2", + "Layer": { + "DiffID": "sha256:41cdb0d109d6a7cf33d6a439c3d6e586d7dba0be84606066693ea4573a4a9b66" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", + "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", + "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", + "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-09T16:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/photon-30.json.golden b/integration/testdata/photon-30.json.golden index c33f2fc8ff..6384f71e7b 100644 --- a/integration/testdata/photon-30.json.golden +++ b/integration/testdata/photon-30.json.golden 
@@ -1,649 +1,708 @@ -[ - { - "Target": "testdata/fixtures/images/photon-30.tar.gz (photon 3.0)", - "Class": "os-pkgs", - "Type": "photon", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.4.18-1.ph3", - "FixedVersion": "4.4.18-2.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/photon-30.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "photon", + "Name": "3.0" + }, + "ImageID": "sha256:5ccb5186b75cd13ff0d028f5b5b2bdf7ef7ca2b3d56eb2c6eb6c136077a6991a", + "DiffIDs": [ + "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "ed27e7f1fbd8ef9d3ea89947f682907e9a65a8e51bbe2e0eba60db6e69213848", + "created": "2019-08-23T22:26:32.857588774Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-23T22:26:32.53400229Z", + "created_by": "/bin/sh -c #(nop) ADD file:0d19c0b1adc18a00f073eeb1a9d6e5e4fdde392b20a3229ec0ef88642549b2df in / " }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } + { + "created": "2019-08-23T22:26:32.689364313Z", + "created_by": "/bin/sh -c #(nop) LABEL name=Photon OS x86_64/3.0 Base Image vendor=VMware build-date=20190823", + "empty_layer": true }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" + { + "created": "2019-08-23T22:26:32.857588774Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + ] }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl", - "InstalledVersion": "7.61.1-4.ph3", - "FixedVersion": "7.61.1-5.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.61.1-4.ph3", - "FixedVersion": "7.61.1-5.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + "Image": "sha256:e7cbb54381cebcd7eea8e391127352224e1d8268fd14bfa5c7dd53e507299f60", + "Labels": { + "build-date": "20190823", + "name": "Photon OS x86_64/3.0 Base Image", + "vendor": "VMware" }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5481", - "PkgName": "curl-libs", - "InstalledVersion": "7.61.1-4.ph3", - "FixedVersion": "7.61.1-5.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", - "Title": "curl: double free due to subsequent call of realloc()", - "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5481.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl-libs", - "InstalledVersion": 
"7.61.1-4.ph3", - "FixedVersion": "7.61.1-5.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "CRITICAL", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs-libs", - "InstalledVersion": "1.44.3-2.ph3", - "FixedVersion": "1.44.3-3.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs-libs", - "InstalledVersion": "1.44.3-2.ph3", - "FixedVersion": "1.45.5-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20387", - "PkgName": "libsolv", - "InstalledVersion": "0.6.26-5.ph3", - "FixedVersion": "0.6.35-2.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", - "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", - "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", - 
"https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", - "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", - "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", - "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" - ], - "PublishedDate": "2020-01-21T23:15:00Z", - "LastModifiedDate": "2020-01-30T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.9.0-1.ph3", - "FixedVersion": "1.9.0-2.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph3", - "FixedVersion": "1.0.2t-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph3", - "FixedVersion": "1.0.2u-1.ph3", - "Layer": { - "DiffID": 
"sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": 
"2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl", - "InstalledVersion": "1.0.2s-1.ph3", - "FixedVersion": "1.0.2t-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16168", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph3", - "FixedVersion": "3.27.2-5.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", - "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", - "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", - "Severity": "HIGH", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", - "https://security.netapp.com/advisory/ntap-20190926-0003/", - "https://security.netapp.com/advisory/ntap-20200122-0003/", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1", - "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" - ], - "PublishedDate": "2019-09-09T17:15:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph3", - "FixedVersion": "3.31.1-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - 
"https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19923", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph3", - "FixedVersion": "3.31.1-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", - "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", - "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", - "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19926", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph3", - "FixedVersion": "3.31.1-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", - "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", - "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during 
parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", - "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-23T01:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19959", - "PkgName": "sqlite-libs", - "InstalledVersion": "3.27.2-3.ph3", - "FixedVersion": "3.31.1-1.ph3", - "Layer": { - "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" - }, - "SeveritySource": "photon", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", - "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", - "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", - "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", - "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", - "https://security.netapp.com/advisory/ntap-20200204-0001/" - ], - "PublishedDate": 
"2020-01-03T22:15:00Z", - "LastModifiedDate": "2020-02-04T12:15:00Z" + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/photon-30.tar.gz (photon 3.0)", + "Class": "os-pkgs", + "Type": "photon", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.4.18-1.ph3", + "FixedVersion": "4.4.18-2.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.61.1-4.ph3", + "FixedVersion": "7.61.1-5.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.61.1-4.ph3", + "FixedVersion": "7.61.1-5.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl-libs", + "InstalledVersion": "7.61.1-4.ph3", + "FixedVersion": "7.61.1-5.ph3", + "Layer": { + "DiffID": 
"sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl-libs", + "InstalledVersion": "7.61.1-4.ph3", + "FixedVersion": "7.61.1-5.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs-libs", + "InstalledVersion": "1.44.3-2.ph3", + "FixedVersion": "1.44.3-3.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs-libs", + "InstalledVersion": "1.44.3-2.ph3", + "FixedVersion": "1.45.5-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20387", + "PkgName": "libsolv", + "InstalledVersion": "0.6.26-5.ph3", + "FixedVersion": "0.6.35-2.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20387", + "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c", + "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387", + 
"https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", + "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)", + "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", + "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html" + ], + "PublishedDate": "2020-01-21T23:15:00Z", + "LastModifiedDate": "2020-01-30T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17498", + "PkgName": "libssh2", + "InstalledVersion": "1.9.0-1.ph3", + "FixedVersion": "1.9.0-2.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", + "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", + "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", + "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", + "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", + "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", + "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", + "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" + ], + "PublishedDate": "2019-10-21T22:15:00Z", + "LastModifiedDate": "2019-11-07T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph3", + "FixedVersion": "1.0.2t-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). 
In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph3", + "FixedVersion": "1.0.2u-1.ph3", + "Layer": { + "DiffID": 
"sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + "https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": 
"2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl", + "InstalledVersion": "1.0.2s-1.ph3", + "FixedVersion": "1.0.2t-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16168", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph3", + "FixedVersion": "3.27.2-5.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16168", + "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c", + "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/", + "https://security.netapp.com/advisory/ntap-20190926-0003/", + "https://security.netapp.com/advisory/ntap-20200122-0003/", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1", + "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + ], + "PublishedDate": "2019-09-09T17:15:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19244", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph3", + "FixedVersion": "3.31.1-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", + "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", + "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", + "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", + 
"https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-11-25T20:15:00Z", + "LastModifiedDate": "2019-12-04T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19923", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph3", + "FixedVersion": "3.31.1-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19923", + "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", + "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923", + "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19926", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph3", + "FixedVersion": "3.31.1-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19926", + "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", + "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during 
parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926", + "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-23T01:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19959", + "PkgName": "sqlite-libs", + "InstalledVersion": "3.27.2-3.ph3", + "FixedVersion": "3.31.1-1.ph3", + "Layer": { + "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" + }, + "SeveritySource": "photon", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19959", + "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames", + "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959", + "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", + "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", + "https://security.netapp.com/advisory/ntap-20200204-0001/" + ], + "PublishedDate": 
"2020-01-03T22:15:00Z", + "LastModifiedDate": "2020-02-04T12:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/pip.json.golden b/integration/testdata/pip.json.golden index 1f03452523..514ff1b687 100644 --- a/integration/testdata/pip.json.golden +++ b/integration/testdata/pip.json.golden 
@@ -1,121 +1,138 @@ -[ - { - "Target": "requirements.txt", - "Class": "lang-pkgs", - "Type": "pip", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-14806", - "PkgName": "Werkzeug", - "InstalledVersion": "0.11", - "FixedVersion": "0.15.3", - "Layer": { - "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", - "Title": "python-werkzeug: insufficient debugger PIN randomness vulnerability", - "Description": "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-331" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/pip", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "requirements.txt", + "Class": "lang-pkgs", + "Type": "pip", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-14806", + "PkgName": "Werkzeug", + "InstalledVersion": "0.11", + "FixedVersion": "0.15.3", + "Layer": { + "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806", - 
"https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", - "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", - "https://nvd.nist.gov/vuln/detail/CVE-2019-14806", - "https://palletsprojects.com/blog/werkzeug-0-15-3-released/" - ], - "PublishedDate": "2019-08-09T15:15:00Z", - "LastModifiedDate": "2019-09-11T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10516", - "PkgName": "Werkzeug", - "InstalledVersion": "0.11", - "FixedVersion": "0.11.11", - "Layer": { - "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10516", - "Title": "python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py", - "Description": "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", + "Title": "python-werkzeug: insufficient debugger PIN randomness vulnerability", + "Description": "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-331" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "V3Score": 7.1 - } + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806", + "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", + "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", + "https://nvd.nist.gov/vuln/detail/CVE-2019-14806", + "https://palletsprojects.com/blog/werkzeug-0-15-3-released/" + ], + "PublishedDate": "2019-08-09T15:15:00Z", + "LastModifiedDate": "2019-09-11T00:15:00Z" }, - "References": [ - "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516", - "https://github.com/pallets/werkzeug/pull/1001", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", - "https://usn.ubuntu.com/usn/usn-3463-1" - ], - "PublishedDate": "2017-10-23T16:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-28724", - "PkgName": "Werkzeug", - "InstalledVersion": "0.11", - "FixedVersion": "0.11.6", - "Layer": { - "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + { + "VulnerabilityID": "CVE-2016-10516", + "PkgName": "Werkzeug", + "InstalledVersion": "0.11", + "FixedVersion": "0.11.11", + "Layer": { + "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10516", + "Title": "python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py", + "Description": "Cross-site scripting (XSS) vulnerability in the render_full function in 
debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "V3Score": 7.1 + } + }, + "References": [ + "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516", + "https://github.com/pallets/werkzeug/pull/1001", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", + "https://usn.ubuntu.com/usn/usn-3463-1" + ], + "PublishedDate": "2017-10-23T16:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" }, - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28724", - "Title": "Werkzeug before 0.11.6 includes an open redirect vulnerability via a double slash in the URL. See CVE-2020-28724.", - "Severity": "UNKNOWN" - }, - { - "VulnerabilityID": "pyup.io-26435", - "PkgName": "Werkzeug", - "InstalledVersion": "0.11", - "FixedVersion": "0.12", - "Layer": { - "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + { + "VulnerabilityID": "CVE-2020-28724", + "PkgName": "Werkzeug", + "InstalledVersion": "0.11", + "FixedVersion": "0.11.6", + "Layer": { + "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28724", + "Title": "Werkzeug before 0.11.6 includes an open redirect vulnerability via a double slash in the URL. 
See CVE-2020-28724.", + "Severity": "UNKNOWN" }, - "Title": "The defaults of ``generate_password_hash`` in werkzeug 0.12 have been changed to more secure ones, see pull request ``#753``.", - "Severity": "UNKNOWN" - }, - { - "VulnerabilityID": "pyup.io-36967", - "PkgName": "Werkzeug", - "InstalledVersion": "0.11", - "FixedVersion": "0.15.0", - "Layer": { - "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + { + "VulnerabilityID": "pyup.io-26435", + "PkgName": "Werkzeug", + "InstalledVersion": "0.11", + "FixedVersion": "0.12", + "Layer": { + "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + }, + "Title": "The defaults of ``generate_password_hash`` in werkzeug 0.12 have been changed to more secure ones, see pull request ``#753``.", + "Severity": "UNKNOWN" }, - "Title": "Werkzeug 0.15.0 refactors class:`~middleware.proxy_fix.ProxyFix` to support more headers, multiple values, and a more secure configuration.", - "Severity": "UNKNOWN" - } - ] - } -] \ No newline at end of file + { + "VulnerabilityID": "pyup.io-36967", + "PkgName": "Werkzeug", + "InstalledVersion": "0.11", + "FixedVersion": "0.15.0", + "Layer": { + "DiffID": "sha256:6393f36bbbee0b53834ba0f9f585194d9e5ab56b555a2910551254fc8a2aec19" + }, + "Title": "Werkzeug 0.15.0 refactors class:`~middleware.proxy_fix.ProxyFix` to support more headers, multiple values, and a more secure configuration.", + "Severity": "UNKNOWN" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/ubi-7.json.golden b/integration/testdata/ubi-7.json.golden index b19d50636e..b248187a88 100644 --- a/integration/testdata/ubi-7.json.golden +++ b/integration/testdata/ubi-7.json.golden 
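Review bot: The new expected output for a filesystem scan pins a zero-valued `Metadata.ImageConfig` (empty `architecture` and `os`, `"created": "0001-01-01T00:00:00Z"`, `"diff_ids": null`) although `ArtifactType` is `filesystem` and no image was scanned. A report consumer cannot tell this placeholder from a real but empty image config, and the sentinel date can be misread as data. The serialising type is not part of this hunk, so the cause is inferred: if the field is a struct value, `omitempty` has no effect on it in encoding/json, and a pointer field would be needed for the fixture to read `"Metadata": {}` for non-image artifacts.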
@@ -1,25607 +1,25679 @@ -[ - { - "Target": "testdata/fixtures/images/ubi-7.tar.gz (redhat 7.7)", - "Class": "os-pkgs", - "Type": "redhat", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.8.5-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6711", - "PkgName": "bash", - "InstalledVersion": "4.2.46-33.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", - "Title": "bash: heap-based buffer overflow during echo of unsupported characters", - "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. 
A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", - "http://www.securityfocus.com/bid/108824", - "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" - ], - "PublishedDate": "2019-06-18T18:15:00Z", - "LastModifiedDate": "2019-06-20T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.2.46-33.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.2.46-33.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - 
"InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9074", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", - "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", - "https://support.f5.com/csp/article/K09092524" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9075", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9075", - "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", - "https://support.f5.com/csp/article/K42059040" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - 
"LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - "Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - "Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer 
overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { 
- "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - 
"PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - 
"V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9743", 
- "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - "https://security.gentoo.org/glsa/201801-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": 
"2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": 
{ - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010204", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", - "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", - "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125", - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190822-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17450", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", - "Title": "binutils: denial of service via crafted ELF file", - "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17451", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", - "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - 
"https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - 
"Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", 
- "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14866", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", - "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", - "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", - "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", - "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", - "https://usn.ubuntu.com/usn/usn-4176-1" - ], - "PublishedDate": "2020-01-07T17:15:00Z", - "LastModifiedDate": "2020-01-10T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - 
}, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19906", - "PkgName": "cyrus-sasl-lib", - "InstalledVersion": "2.1.26-23.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", - "Title": "cyrus-sasl: denial of service in _sasl_add_string function", - "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", - "https://github.com/cyrusimap/cyrus-sasl/issues/587", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", - "https://seclists.org/bugtraq/2019/Dec/42", - "https://usn.ubuntu.com/4256-1/", - "https://usn.ubuntu.com/usn/usn-4256-1", - "https://www.debian.org/security/2019/dsa-4591", - "https://www.openldap.org/its/index.cgi/Incoming?id=9123" - ], - "PublishedDate": "2019-12-19T18:15:00Z", - "LastModifiedDate": "2020-01-30T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus 
disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - 
"http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus", - "InstalledVersion": 
"1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus 
systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - 
"Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file 
descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a 
message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - 
"https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": 
{ - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4484", - "PkgName": "dracut", - "InstalledVersion": "033-564.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", - "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", - "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", - "http://www.openwall.com/lists/oss-security/2016/11/14/13", - "http://www.openwall.com/lists/oss-security/2016/11/15/1", - "http://www.openwall.com/lists/oss-security/2016/11/15/4", - "http://www.openwall.com/lists/oss-security/2016/11/16/6", - "http://www.securityfocus.com/bid/94315", - "https://access.redhat.com/articles/2786581", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", - "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" - ], - "PublishedDate": "2017-01-23T21:59:00Z", - "LastModifiedDate": "2017-01-26T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - 
"PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - 
"https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: 
Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", 
- "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - 
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow 
in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - 
"https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4472", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", - "Title": "expat: Undefined behavior and pointer overflows", - "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/91528", - "http://www.ubuntu.com/usn/USN-3013-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", - "https://security.gentoo.org/glsa/201701-21", - "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-11-03T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9233", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", - "Title": "expat: Inifinite loop due to invalid XML in external entity", - "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3898", - "http://www.openwall.com/lists/oss-security/2017/06/17/7", - "http://www.securityfocus.com/bid/99276", - "http://www.securitytracker.com/id/1039427", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", - "https://github.com/libexpat/libexpat/blob/master/expat/Changes", - "https://libexpat.github.io/doc/cve-2017-9233/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://support.f5.com/csp/article/K03244804", - "https://usn.ubuntu.com/usn/usn-3356-1", - "https://usn.ubuntu.com/usn/usn-3356-2" - ], - "PublishedDate": "2017-07-25T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20843", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", - "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", - "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", - "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", - "https://github.com/libexpat/libexpat/issues/186", - "https://github.com/libexpat/libexpat/pull/262", - "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", - "https://seclists.org/bugtraq/2019/Jun/39", - "https://security.netapp.com/advisory/ntap-20190703-0001/", - "https://usn.ubuntu.com/4040-1/", - "https://usn.ubuntu.com/4040-2/", - "https://usn.ubuntu.com/usn/usn-4040-1", - "https://usn.ubuntu.com/usn/usn-4040-2", - "https://www.debian.org/security/2019/dsa-4472" - ], - "PublishedDate": "2019-06-24T17:15:00Z", - "LastModifiedDate": "2019-06-26T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15903", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", - "Title": "expat: heap-based buffer over-read via crafted XML input", - "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15903.html", - "http://linux.oracle.com/errata/ELSA-2019-3237.html", - "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", - "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", - "https://github.com/libexpat/libexpat/issues/317", - "https://github.com/libexpat/libexpat/issues/342", - "https://github.com/libexpat/libexpat/pull/318", - "https://seclists.org/bugtraq/2019/Sep/30", - "https://usn.ubuntu.com/4132-1/", - "https://usn.ubuntu.com/4132-2/", - "https://usn.ubuntu.com/usn/usn-4132-1", - "https://usn.ubuntu.com/usn/usn-4132-2", - "https://usn.ubuntu.com/usn/usn-4165-1", - "https://usn.ubuntu.com/usn/usn-4202-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" - ], - "PublishedDate": "2019-09-04T06:15:00Z", - "LastModifiedDate": "2019-09-12T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9620", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", - "Title": "file: limit the number of ELF notes processed", - "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0040.html", - "http://linux.oracle.com/cve/CVE-2014-9620.html", - "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
- "http://mx.gw.com/pipermail/file/2014/001653.html", - "http://mx.gw.com/pipermail/file/2015/001660.html", - "http://rhn.redhat.com/errata/RHSA-2016-0760.html", - "http://www.debian.org/security/2015/dsa-3121", - "http://www.openwall.com/lists/oss-security/2015/01/17/9", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/71715", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", - "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", - "https://security.gentoo.org/glsa/201503-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/usn/usn-3686-1" - ], - "PublishedDate": "2015-01-21T18:59:00Z", - "LastModifiedDate": "2018-06-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010180", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010180", - "Title": "gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution", - "Description": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. 
The fixed version is: Not fixed yet.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", - "V3Score": 6.1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/109367", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010180", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23657" - ], - "PublishedDate": "2019-07-24T13:15:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" 
- ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - 
"redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9778", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9778", - "Title": "gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion", - "Description": "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. 
This can, for example, impede efforts to analyze malware with GDB.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99244", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21600" - ], - "PublishedDate": "2017-06-21T07:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - 
"https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": 
"2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": 
"CVE-2015-2328", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", - "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", - "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2328.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.fortiguard.com/advisory/FG-VD-15-014/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1515", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion 
with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE 
before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8391", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", - "Title": "pcre: inefficient posix character class syntax check (8.38/16)", - "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", - "V2Score": 9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8391.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - 
"CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": 
"glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13012", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", - "Title": "glib2: insecure permissions for files and directories", - "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. 
This is similar to CVE-2019-12450.", - "Severity": "LOW", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", - "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", - "https://gitlab.gnome.org/GNOME/glib/issues/1658", - "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", - "https://security.netapp.com/advisory/ntap-20190806-0003/", - "https://usn.ubuntu.com/4049-1/", - "https://usn.ubuntu.com/4049-2/", - "https://usn.ubuntu.com/usn/usn-4049-1", - "https://usn.ubuntu.com/usn/usn-4049-2", - "https://usn.ubuntu.com/usn/usn-4049-3", - "https://usn.ubuntu.com/usn/usn-4049-4" - ], - "PublishedDate": "2019-06-28T15:15:00Z", - "LastModifiedDate": "2019-07-29T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or 
trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - 
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - 
"https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - 
"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) 
or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ 
- "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - 
"InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid 
binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - 
"http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - 
"http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - 
"https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 
2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": 
"glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass 
ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - 
"http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.3.2-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - 
"https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - 
"LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15088", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", - "Title": "krb5: Buffer overflow in get_matching_data()", - "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101594", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", - "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", - "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", - "https://github.com/krb5/krb5/pull/707" - ], - "PublishedDate": "2017-11-23T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:24:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - 
"References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - 
"PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page 
global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - 
"V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb", - "InstalledVersion": "5.3.21-25.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - 
"https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb-utils", - "InstalledVersion": "5.3.21-25.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in 
libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in 
a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - 
"http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - 
"https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0553", - "PkgName": "libnl", - "InstalledVersion": "1.1.4-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0553", - "Title": "libnl: Integer overflow in nlmsg_reserve()", - "Description": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. 
NOTE: this issue also exists in the upstream libnl before 3.3.0 library.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.6, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb", - "http://linux.oracle.com/cve/CVE-2017-0553.html", - "http://linux.oracle.com/errata/ELSA-2017-2299.html", - "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html", - "http://www.securityfocus.com/bid/97340", - "http://www.securitytracker.com/id/1038201", - "http://www.ubuntu.com/usn/USN-3311-2", - "https://access.redhat.com/errata/RHSA-2017:2299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/", - "https://source.android.com/security/bulletin/2017-04-01", - "https://usn.ubuntu.com/usn/usn-3311-1", - "https://usn.ubuntu.com/usn/usn-3311-1/", - "https://usn.ubuntu.com/usn/usn-3311-2" - ], - "PublishedDate": "2017-04-07T22:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": 
[ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - 
} - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13115", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", - "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", - "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "V2Score": 5.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://blog.semmle.com/libssh2-integer-overflow/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", - "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", - "https://github.com/libssh2/libssh2/pull/350", - "https://libssh2.org/changes.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" - ], - "PublishedDate": "2019-07-16T18:15:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in 
SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in 
out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - 
"https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { 
- "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and 
crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - 
} - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - "https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6003", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", - "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", - "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", - "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", - "https://bugzilla.suse.com/show_bug.cgi?id=1076832", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", - "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2018-01-22T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", 
- "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
- "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - 
"LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - 
], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - 
"PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2-python", - 
"InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", - "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", 
- "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-15.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - "http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "lz4", - "InstalledVersion": "1.7.5-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, 
- { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 
stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": 
"3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/ubi-7.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "redhat", + "Name": "7.7" + }, + "ImageID": "sha256:6fecccc91c83e11ae4fede6793e9410841221d4779520c2b9e9fb7f7b3830264", + "DiffIDs": [ + 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac", + "sha256:ecb0311889b3478bc9b62660fa9391d5ebf8da4c6ae143cb33434873668f9e36" + ], + "ImageConfig": { + "architecture": "amd64", + "created": "2019-09-02T12:56:43.939095Z", + "docker_version": "1.13.1", + "history": [ + { + "created": "2019-09-02T12:56:36.440695936Z", + "comment": "Imported from -" + }, + { + "created": "2019-09-02T12:56:43.939095Z" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac", + "sha256:ecb0311889b3478bc9b62660fa9391d5ebf8da4c6ae143cb33434873668f9e36" ] }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys 
may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - 
"Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter validation in 
ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may 
trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic 
functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or 
malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors 
in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - 
"InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": 
{ - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - 
"PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability 
in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": 
"3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - 
"PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.44.0-3.el7", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.44.0-3.el7", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty 
or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13057", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", - "Title": "openldap: Information disclosure issue in slapd component", - "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. 
When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 3.5, - "V3Score": 4.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9038", - "https://security.netapp.com/advisory/ntap-20190822-0004/", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/?findid=9038", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-08-19T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13565", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", - "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", - "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. 
When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9052", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/index.cgi/?findid=9052", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-09-24T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: 
/usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - 
"V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": 
"openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": 
"openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - 
"https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8380", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", - "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", - "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - 
"V2Score": 5 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/77695", - "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1637", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8393", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", - "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", - "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) 
conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6004", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", - "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", - "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96295", - "http://www.securitytracker.com/id/1037850", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://bugs.exim.org/show_bug.cgi?id=2035", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", - "https://security.gentoo.org/glsa/201706-11", - "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" - ], - "PublishedDate": "2017-02-16T11:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7186", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", - "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", - "Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97030", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", - "https://bugs.exim.org/show_bug.cgi?id=2052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", - 
"https://security.gentoo.org/glsa/201710-09", - "https://security.gentoo.org/glsa/201710-25", - "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" - ], - "PublishedDate": "2017-03-20T00:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - 
"http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": 
"procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", 
- "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow 
in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", 
- "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - 
}, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - 
}, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.2-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5827", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", - "Title": "chromium-browser: out-of-bounds access in SQLite", - "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", - "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", - "https://crbug.com/952406", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-06-27T17:15:00Z", - "LastModifiedDate": "2019-07-25T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-7036", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", - "Title": "sqlite: arbitrary code execution on databases with malformed schema", - "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://support.apple.com/kb/HT204941", - "http://support.apple.com/kb/HT204942", - "http://zerodayinitiative.com/advisories/ZDI-15-570/", - "https://security.gentoo.org/glsa/201612-21" - ], - "PublishedDate": "2015-11-22T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13751", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", - "Title": "sqlite: fts3: improve detection of corrupted records", - "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025465", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13752", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025470", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13753", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", - "Title": "sqlite: fts3: incorrectly removed corruption check", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025471", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19924", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", - "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", - "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", - "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-8457", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", - 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", - "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", - "https://security.netapp.com/advisory/ntap-20190606-0002/", - "https://usn.ubuntu.com/4004-1/", - "https://usn.ubuntu.com/4004-2/", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4004-1", - "https://usn.ubuntu.com/usn/usn-4004-2", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "https://www.sqlite.org/releaselog/3_28_0.html", - "https://www.sqlite.org/src/info/90acdbfce9c08858" - ], - "PublishedDate": "2019-05-30T16:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: Tempdir selection vulnerability", - 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", - 
"Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8740", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", - "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", - "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://www.securityfocus.com/bid/103466", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", - "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" - ], - "PublishedDate": "2018-03-17T00:29:00Z", - "LastModifiedDate": "2019-05-22T03:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", 
- "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, 
it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": 
"systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - "https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) 
file. NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - "http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - ], - 
"PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "container=oci" + ], + "Hostname": "0da2e3774382", + "Image": "2e9103a7b91a7ffe333e9162ce98ea078263747527571655e93bd4d35ee278f0", + "Labels": { + "architecture": "x86_64", + "authoritative-source-url": "registry.access.redhat.com", + "build-date": "2019-09-02T12:56:18.824770", + 
"com.redhat.build-host": "cpt-1005.osbs.prod.upshift.rdu2.redhat.com", + "com.redhat.component": "ubi7-container", + "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", + "description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.", + "distribution-scope": "public", + "io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.", + "io.k8s.display-name": "Red Hat Universal Base Image 7", + "io.openshift.tags": "base rhel7", + "maintainer": "Red Hat, Inc.", + "name": "ubi7", + "release": "140", + "summary": "Provides the latest release of the Red Hat Universal Base Image 7.", + "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi7/images/7.7-140", + "vcs-ref": "4c80c8aa26e69950ab11b87789c8fb7665b1632d", + "vcs-type": "git", + "vendor": "Red Hat, Inc.", + "version": "7.7" + }, + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/ubi-7.tar.gz (redhat 7.7)", + "Class": "os-pkgs", + "Type": "redhat", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2015-5186", + "PkgName": "audit-libs", + "InstalledVersion": "2.8.5-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", + "Title": "Audit: log 
terminal emulator escape sequences handling", + "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/08/13/9", + "http://www.securityfocus.com/bid/76840", + "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", + "https://people.redhat.com/sgrubb/audit/ChangeLog" + ], + "PublishedDate": "2017-09-06T21:29:00Z", + "LastModifiedDate": "2017-09-13T11:17:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6711", + "PkgName": "bash", + "InstalledVersion": "4.2.46-33.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", + "Title": "bash: heap-based buffer overflow during echo of unsupported characters", + "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. 
This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", + "http://www.securityfocus.com/bid/108824", + "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" + ], + "PublishedDate": "2019-06-18T18:15:00Z", + "LastModifiedDate": "2019-06-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9924", + "PkgName": "bash", + "InstalledVersion": "4.2.46-33.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", + "Title": "bash: BASH_CMD is writable in restricted bash shells", + "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", + "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", + 
"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", + "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", + "https://security.netapp.com/advisory/ntap-20190411-0001/", + "https://usn.ubuntu.com/usn/usn-4058-1", + "https://usn.ubuntu.com/usn/usn-4058-2" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-11T22:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.2.46-33.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6965", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", + "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6966", + "PkgName": "binutils", + 
"InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", + "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", + "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9074", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", + "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", + "https://support.f5.com/csp/article/K09092524" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-23T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9075", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9075", + "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", + "https://support.f5.com/csp/article/K42059040" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-23T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9077", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", + "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", + "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107139", + "https://security.netapp.com/advisory/ntap-20190314-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", + "https://support.f5.com/csp/article/K00056379" + ], + "PublishedDate": "2019-02-24T00:29:00Z", + "LastModifiedDate": "2019-05-24T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9939", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", + "Title": "binutils: buffer overflow in ihex.c", + "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/07/31/6", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", + "https://usn.ubuntu.com/usn/usn-3367-1" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": 
"2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8538", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", + "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", + "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 1.7 + } + }, + "References": [ + "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", + "http://www.openwall.com/lists/oss-security/2015/12/09/2", + "http://www.openwall.com/lists/oss-security/2015/12/10/3", + "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", + "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" + ], + "PublishedDate": "2017-06-07T20:29:00Z", + "LastModifiedDate": "2017-06-14T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
+ "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + 
"https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12449", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", + "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", + "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:39:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12451", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", + "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", + "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12452", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", + "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", + "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T18:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12453", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", + "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", + "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + 
"LastModifiedDate": "2017-08-07T18:35:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12454", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", + "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", + "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12455", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", + "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", + "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12456", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", + "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", + "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12457", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", + "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", + "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T13:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12458", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", + "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", + "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + ], + "PublishedDate": "2017-08-04T15:29:00Z", + "LastModifiedDate": "2017-08-07T14:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12799", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", + "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", + "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" + ], + "PublishedDate": "2017-08-10T18:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12967", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", + "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", + "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" + ], + "PublishedDate": "2017-08-19T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13710", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", + "Title": "binutils: NULL pointer dereference in the setup_group function", + "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100499", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" + ], + "PublishedDate": "2017-08-27T16:29:00Z", + "LastModifiedDate": "2017-08-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" + ], + "PublishedDate": "2017-08-28T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13757", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", + "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100532", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" + ], + "PublishedDate": "2017-08-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14128", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", + "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14129", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", + "Title": "binutils: Heap-based buffer over-read in the read_section function", + "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100624", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" + ], + 
"PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14130", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", + "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", + "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100625", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" + ], + "PublishedDate": "2017-09-04T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14529", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", + "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", + "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" + ], + "PublishedDate": "2017-09-18T00:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14729", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", + "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" + ], + "PublishedDate": "2017-09-25T16:29:00Z", + "LastModifiedDate": "2017-09-28T16:51:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14745", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", + "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" + ], + "PublishedDate": "2017-09-26T16:29:00Z", + "LastModifiedDate": "2017-09-29T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14930", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", + "Title": "binutils: Memory leak in decode_line_info", + "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14932", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", + "Title": "binutils: Infinite loop in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14933", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", + "Title": "binutils: Infinite loop in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14934", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", + "Title": "binutils: Infinite loop in process_debug_info", + "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-131", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14938", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", + "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", + "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101212", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14939", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", + "Title": "binutils: Heap-based buffer over-read in the decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
+ "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101216", + "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", + "https://www.exploit-db.com/exploits/42970/" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14940", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", + "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", + "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" + ], + "PublishedDate": "2017-09-30T01:29:00Z", + "LastModifiedDate": "2017-10-03T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14974", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", + "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", + "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" + ], + "PublishedDate": "2017-10-02T01:29:00Z", + "LastModifiedDate": "2017-10-05T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15020", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", + "Title": "binutils: Heap-based buffer 
overflow in parse_die", + "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15021", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", + "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", + "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15022", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", + "Title": "binutils: NULL pointer dereference in dwarf2.c", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15023", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", + "Title": "binutils: NULL pointer dereference in read_formatted_entries", + "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101611", + "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15024", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", + "Title": "binutils: Infinite recursion in find_abstract_instance_name", + "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15025", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", + "Title": "binutils: Divide-by-zero in decode_line_info", + "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2017-10-11T17:38:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15225", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", + "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", + "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" + ], + "PublishedDate": "2017-10-10T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2017-15938", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", + "Title": "binutils: Invalid memory read in find_abstract_instance_name", + "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101610", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15939", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", + "Title": "binutils: NULL pointer dereference in the concat_filename", + 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101613", + "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" + ], + "PublishedDate": "2017-10-27T21:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15996", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", + "Title": "binutils: Excessive memory allocation in elfcomm.c", + "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101608", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" + ], + "PublishedDate": "2017-10-29T17:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16826", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", + "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", + "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16827", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", + "Title": "binutils: Invalid free in the aout_get_external_symbols function", + "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16828", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", + "Title": "binutils: Integer overflow in the display_debug_frames function", + "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16829", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", + "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", + "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16830", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", + "Title": "binutils: Segmentation fault in the print_gnu_property_note function", + "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", + "https://security.gentoo.org/glsa/201811-17", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16831", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", + "Title": "binutils: Integer overflow in coffgen.c", + "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16832", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", + "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", + "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" + ], + "PublishedDate": "2017-11-15T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17080", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", + "Title": "binutils: Heap-based buffer over-read in bfd_getl32", + "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" + ], + "PublishedDate": "2017-11-30T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17121", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", + "Title": "binutils: Memory access violation via a crafted COFF binary", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" + ], + 
"PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17122", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", + "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", + "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-14T02:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17123", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", + "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", + "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17124", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", + "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", + "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + 
"V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2018-11-27T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17125", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", + "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", + "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17126", + 
"PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", + "Title": "binutils: Invalid memory access in the load_debug_section function", + "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" + ], + "PublishedDate": "2017-12-04T08:29:00Z", + "LastModifiedDate": "2019-03-13T19:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6969", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", + "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", + "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/16/8", + "http://www.securityfocus.com/bid/97065", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" + ], + "PublishedDate": "2017-03-17T09:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7209", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", + "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", + "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96994", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": 
"2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7210", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", + "Title": "binutils: Heap-based buffer over-reads in objdump", + "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96992", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" + ], + "PublishedDate": "2017-03-21T06:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7223", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", + "Title": "binutils: Global buffer overflow when attempting to unget EOF character", + "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7224", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", + "Title": "binutils: Invalid write in find_nearest_line function", + "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97277", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7225", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", + "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", + "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97275", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7226", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", + "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", + "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7227", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", + "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", + "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97209", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" + ], + "PublishedDate": "2017-03-22T16:59:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7299", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", + "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7300", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", + "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": 
"2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7301", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", + "Title": "binutils: Off-by-one error in aout_link_add_symbols function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97218", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:02:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7302", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", + "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T16:28:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7303", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", + "Title": "binutils: Out-of-bounds read in find_link function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7304", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", + "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" + ], + "PublishedDate": "2017-03-29T15:59:00Z", + "LastModifiedDate": "2017-03-31T17:06:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7614", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", + "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", + "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", + "https://security.gentoo.org/glsa/201709-02" + ], + "PublishedDate": 
"2017-04-09T14:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8392", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", + "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8393", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", + "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8394", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", + "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8395", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", + "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8396", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", + "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8397", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", + "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", + "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8398", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", + "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", + "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" + ], + "PublishedDate": "2017-05-01T18:59:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8421", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", + "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", + "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" + ], + "PublishedDate": "2017-05-02T17:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9038", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", + "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98589", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", + "https://security.gentoo.org/glsa/201709-02", + 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9039", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", + "Title": "binutils: Memory consumption via many program headers", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98580", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9040", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", + "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", + "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98579", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9041", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", + "Title": "binutils: Heap buffer overflow in the process_mips_specific function", + "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/98598", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9042", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", + "Title": "binutils: Invalid variable type in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-704" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9043", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + 
"Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", + "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", + "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98591", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9044", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", + "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", + "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98587", + "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" + ], + "PublishedDate": "2017-05-18T01:29:00Z", + "LastModifiedDate": "2017-05-25T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9742", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", + "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", + "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99105", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", + "https://www.exploit-db.com/exploits/42203/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-09-19T01:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9743", 
+ "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", + "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", + "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99106", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9744", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", + "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", + "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99108", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:10:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9745", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", + "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", + "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/99109", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:13:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9746", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", + "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", + "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99117", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", + "https://www.exploit-db.com/exploits/42199/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9747", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", + "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", + "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", + "https://www.exploit-db.com/exploits/42200/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-13T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9748", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", + "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", + "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99110", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", + "https://www.exploit-db.com/exploits/42202/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9749", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", + "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", + "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99113", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", + "https://security.gentoo.org/glsa/201801-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", + "https://www.exploit-db.com/exploits/42201/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9750", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", + "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", + "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99118", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", + "https://www.exploit-db.com/exploits/42198/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9751", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", + "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", + "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9752", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", + "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", + "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9753", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", + "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", + "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": 
"2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9754", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", + "Title": "binutils: Stack-based buffer over-read in process_otr function", + "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2017-06-26T16:21:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9755", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", + "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", + "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99124", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9756", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", + "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", + "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + 
"V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", + "https://security.gentoo.org/glsa/201801-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", + "https://www.exploit-db.com/exploits/42204/" + ], + "PublishedDate": "2017-06-19T04:29:00Z", + "LastModifiedDate": "2018-01-09T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9954", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", + "Title": "binutils: stack-based buffer over-read in getvalue function", + "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99307", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", + "https://security.gentoo.org/glsa/201709-02", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9955", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", + "Title": "binutils: heap buffer over-read in get_build_id function", + "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99573", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" + ], + "PublishedDate": "2017-06-26T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12698", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", + "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", + "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104539", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12699", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", + "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", + "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104540", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12700", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", + "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", + "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104541", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://security.gentoo.org/glsa/201908-01", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" + ], + "PublishedDate": "2018-06-23T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-12934", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", + "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", + "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" + ], + "PublishedDate": "2018-06-28T14:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17794", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", + "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" + ], + "PublishedDate": "2018-09-30T20:29:00Z", + "LastModifiedDate": "2018-11-28T15:06:00Z" + }, + { + "VulnerabilityID": "CVE-2018-17985", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", + "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" + ], + "PublishedDate": "2018-10-04T23:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18483", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", + "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", + "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105689", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18484", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", + "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" + ], + "PublishedDate": "2018-10-18T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18605", + "PkgName": "binutils", + "InstalledVersion": 
"2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", + "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", + "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18606", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", + "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", + "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18607", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", + "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", + "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/105754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", + "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", + "https://security.netapp.com/advisory/ntap-20190307-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" + ], + "PublishedDate": "2018-10-23T17:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18700", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", + "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18701", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", + "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", + "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" + ], + "PublishedDate": "2018-10-29T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19932", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", + "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" + ], + "PublishedDate": "2018-12-07T07:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20002", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", + "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", + "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106142", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", + "https://security.gentoo.org/glsa/201908-01", + "https://security.netapp.com/advisory/ntap-20190221-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2018-12-10T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6323", + "PkgName": "binutils", + 
"InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", + "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", + "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/102821", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", + "https://www.exploit-db.com/exploits/44035/" + ], + "PublishedDate": "2018-01-26T08:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6759", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", + "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", + "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103030", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" + ], + "PublishedDate": "2018-02-06T21:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6872", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", + "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", + "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": 
{ + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/103103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", + "https://security.gentoo.org/glsa/201811-17", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" + ], + "PublishedDate": "2018-02-09T06:29:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010204", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", + "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", + "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125", + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20190822-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17450", + "PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", + "Title": "binutils: denial of service via crafted ELF file", + "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20191024-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" + ], + "PublishedDate": "2019-10-10T17:15:00Z", + "LastModifiedDate": "2019-10-24T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17451", + 
"PkgName": "binutils", + "InstalledVersion": "2.27-41.base.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", + "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://security.netapp.com/advisory/ntap-20191024-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" + ], + "PublishedDate": "2019-10-10T17:15:00Z", + "LastModifiedDate": "2019-10-24T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3189", + "PkgName": "bzip2-libs", + "InstalledVersion": "1.0.6-13.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", + "Title": "bzip2: heap use after free in bzip2recover", + "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/06/20/1", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91297", + "http://www.securitytracker.com/id/1036132", + "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", + "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", + "https://security.gentoo.org/glsa/201708-08", + "https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-08-22T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12900", + "PkgName": "bzip2-libs", + "InstalledVersion": "1.0.6-13.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", + "Title": "bzip2: out-of-bounds write in function BZ2_decompress", + "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", + "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", + "https://usn.ubuntu.com/4038-1/", + "https://usn.ubuntu.com/4038-2/", + 
"https://usn.ubuntu.com/usn/usn-4038-1", + "https://usn.ubuntu.com/usn/usn-4038-2", + "https://usn.ubuntu.com/usn/usn-4038-3", + "https://usn.ubuntu.com/usn/usn-4038-4", + "https://usn.ubuntu.com/usn/usn-4146-1", + "https://usn.ubuntu.com/usn/usn-4146-2" + ], + "PublishedDate": "2019-06-19T23:15:00Z", + "LastModifiedDate": "2019-06-24T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.22-24.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgName": "coreutils", + "InstalledVersion": "8.22-24.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + 
"Title": "coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" + ], + "PublishedDate": "2018-01-04T04:29:00Z", + "LastModifiedDate": "2018-01-19T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9471", + "PkgName": "coreutils", + "InstalledVersion": "8.22-24.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", + "Title": "coreutils: memory corruption flaw in parse_datetime()", + "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0029.html", + "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", + "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", + 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", + "http://secunia.com/advisories/62226", + "http://ubuntu.com/usn/usn-2473-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", + "http://www.openwall.com/lists/oss-security/2014/11/25/1", + "http://www.openwall.com/lists/oss-security/2014/11/25/4", + "http://www.openwall.com/lists/oss-security/2015/01/03/11", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", + "https://security.gentoo.org/glsa/201612-22", + "https://usn.ubuntu.com/usn/usn-2473-1" + ], + "PublishedDate": "2015-01-16T16:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4041", + "PkgName": "coreutils", + "InstalledVersion": "8.22-24.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", + "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", + "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", 
+ "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-4042", + "PkgName": "coreutils", + "InstalledVersion": "8.22-24.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", + "Title": "coreutils: possible buffer overflow in keycompare_mb()", + "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/05/15/1", + "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + ], + "PublishedDate": "2020-01-24T17:15:00Z", + "LastModifiedDate": "2020-02-01T17:33:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14866", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", + "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", + "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", + "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", + "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", + "https://usn.ubuntu.com/usn/usn-4176-1" + ], + "PublishedDate": "2020-01-07T17:15:00Z", + "LastModifiedDate": "2020-01-10T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1197", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", + "Title": "cpio: directory traversal through symlinks", + "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0080.html", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", + "http://www.openwall.com/lists/oss-security/2015/01/07/5", + "http://www.openwall.com/lists/oss-security/2015/01/18/7", + "http://www.securityfocus.com/bid/71914", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", + 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2015-02-19T15:59:00Z", + "LastModifiedDate": "2016-12-06T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2037", + "PkgName": "cpio", + "InstalledVersion": "2.11-27.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", + "Title": "cpio: out of bounds write", + "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 4.3 + } + }, + "References": [ + "http://www.debian.org/security/2016/dsa-3483", + "http://www.openwall.com/lists/oss-security/2016/01/19/4", + "http://www.openwall.com/lists/oss-security/2016/01/22/4", + "http://www.securityfocus.com/bid/82293", + "http://www.securitytracker.com/id/1035067", + "http://www.ubuntu.com/usn/USN-2906-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", + "https://usn.ubuntu.com/usn/usn-2906-1" + ], + "PublishedDate": "2016-02-22T15:59:00Z", + "LastModifiedDate": "2016-12-06T03:07:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib", + "InstalledVersion": "2.9.0-11.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + "PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6318", + "PkgName": "cracklib-dicts", + "InstalledVersion": "2.9.0-11.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", + "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", + "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "http://seclists.org/oss-sec/2016/q3/290", + "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "http://www.securityfocus.com/bid/92478", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", + "https://security.gentoo.org/glsa/201612-25" + ], + "PublishedDate": "2016-09-07T19:28:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + "Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8817", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", + "Title": "curl: FTP wildcard out of bounds read", + "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=162", + "http://www.securityfocus.com/bid/102057", + "http://www.securitytracker.com/id/1039897", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_2017-ae72.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", + "https://security.gentoo.org/glsa/201712-04", + "https://usn.ubuntu.com/usn/usn-3498-1", + "https://usn.ubuntu.com/usn/usn-3498-2", + "https://www.debian.org/security/2017/dsa-4051" + ], + "PublishedDate": "2017-11-29T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + "V3Score": 7.3 + 
}, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8621", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8622", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", + "Title": "curl: URL unescape heap overflow via integer truncation", + "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8622.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94105", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", + "https://curl.haxx.se/docs/adv_20161102H.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "curl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19906", + "PkgName": "cyrus-sasl-lib", + "InstalledVersion": "2.1.26-23.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", + "Title": "cyrus-sasl: denial of service in _sasl_add_string function", + "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", + "https://github.com/cyrusimap/cyrus-sasl/issues/587", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", + "https://seclists.org/bugtraq/2019/Dec/42", + "https://usn.ubuntu.com/4256-1/", + "https://usn.ubuntu.com/usn/usn-4256-1", + "https://www.debian.org/security/2019/dsa-4591", + "https://www.openldap.org/its/index.cgi/Incoming?id=9123" + ], + "PublishedDate": "2019-12-19T18:15:00Z", + "LastModifiedDate": "2020-01-30T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12749", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", + "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", + "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 3.6, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12749.html", + "http://linux.oracle.com/errata/ELSA-2019-3707.html", + "http://www.openwall.com/lists/oss-security/2019/06/11/2", + "http://www.securityfocus.com/bid/108751", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", + "https://seclists.org/bugtraq/2019/Jun/16", + "https://usn.ubuntu.com/4015-1/", + "https://usn.ubuntu.com/4015-2/", + "https://usn.ubuntu.com/usn/usn-4015-1", + "https://usn.ubuntu.com/usn/usn-4015-2", + "https://www.debian.org/security/2019/dsa-4462", + "https://www.openwall.com/lists/oss-security/2019/06/11/2" + ], + "PublishedDate": "2019-06-11T17:29:00Z", + "LastModifiedDate": "2019-06-14T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3477", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", + "Title": "dbus: denial of service flaw in dbus-daemon", + "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0266.html", + "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", + "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://seclists.org/oss-sec/2014/q2/509", + "http://secunia.com/advisories/59428", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.securityfocus.com/bid/67986", + "https://bugs.freedesktop.org/show_bug.cgi?id=78979", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-01T17:55:00Z", + "LastModifiedDate": "2015-04-15T02:00:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3532", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", + "Title": "dbus: denial of service in file descriptor passing feature", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus 
disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=80163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3533", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", + "Title": "dbus: denial of service when forwarding invalid file descriptors", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=79694", + "https://bugs.freedesktop.org/show_bug.cgi?id=80469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3635", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", + "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", + "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + 
"http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=83622", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3636", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", + "Title": "dbus: denial of service by queuing or splitting file descriptors", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + 
"http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=82820", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-10-25T20:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3637", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", + "Title": "dbus: denial of service by creating unkillable D-Bus connections", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.openwall.com/lists/oss-security/2019/06/24/13", + "http://www.openwall.com/lists/oss-security/2019/06/24/14", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + 
"https://bugs.freedesktop.org/show_bug.cgi?id=80559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2019-06-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3638", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", + "Title": "dbus: denial of service in method call handling", + "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3639", + "PkgName": "dbus", + "InstalledVersion": 
"1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", + "Title": "dbus: denial of service flaw in incomplete connection handling", + "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0245", + "PkgName": "dbus", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", + "Title": "dbus: denial of service in dbus 
systemd activation", + "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0071.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", + "http://www.debian.org/security/2015/dsa-3161", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2015/02/09/6", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", + "https://usn.ubuntu.com/usn/usn-3116-1" + ], + "PublishedDate": "2015-02-13T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12749", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", + "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", + "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 3.6, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12749.html", + "http://linux.oracle.com/errata/ELSA-2019-3707.html", + "http://www.openwall.com/lists/oss-security/2019/06/11/2", + "http://www.securityfocus.com/bid/108751", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", + "https://seclists.org/bugtraq/2019/Jun/16", + "https://usn.ubuntu.com/4015-1/", + "https://usn.ubuntu.com/4015-2/", + "https://usn.ubuntu.com/usn/usn-4015-1", + "https://usn.ubuntu.com/usn/usn-4015-2", + "https://www.debian.org/security/2019/dsa-4462", + "https://www.openwall.com/lists/oss-security/2019/06/11/2" + ], + "PublishedDate": "2019-06-11T17:29:00Z", + "LastModifiedDate": "2019-06-14T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3477", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", + 
"Title": "dbus: denial of service flaw in dbus-daemon", + "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", + "V2Score": 3.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0266.html", + "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", + "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://seclists.org/oss-sec/2014/q2/509", + "http://secunia.com/advisories/59428", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.securityfocus.com/bid/67986", + "https://bugs.freedesktop.org/show_bug.cgi?id=78979", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-01T17:55:00Z", + "LastModifiedDate": "2015-04-15T02:00:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3532", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", + "Title": "dbus: denial of service in file 
descriptor passing feature", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=80163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3533", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", + "Title": "dbus: denial of service when forwarding invalid file descriptors", + "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a 
message containing an invalid file descriptor.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0294.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://openwall.com/lists/oss-security/2014/07/02/4", + "http://secunia.com/advisories/59611", + "http://secunia.com/advisories/59798", + "http://secunia.com/advisories/60236", + "http://www.debian.org/security/2014/dsa-2971", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "https://bugs.freedesktop.org/show_bug.cgi?id=79694", + "https://bugs.freedesktop.org/show_bug.cgi?id=80469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", + "https://usn.ubuntu.com/usn/usn-2275-1" + ], + "PublishedDate": "2014-07-19T19:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3635", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", + "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", + "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=83622", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3636", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", + "Title": "dbus: denial of service by queuing or splitting file descriptors", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + 
"http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=82820", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-10-25T20:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3637", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", + "Title": "dbus: denial of service by creating unkillable D-Bus connections", + "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "Severity": "LOW", + "CweIDs": [ + "CWE-17" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", + "http://www.openwall.com/lists/oss-security/2019/06/24/14", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2019-06-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3638", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", + "Title": "dbus: denial of service in method call handling", + "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", + 
"https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3639", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", + "Title": "dbus: denial of service flaw in incomplete connection handling", + "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0395.html", + "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", + "http://secunia.com/advisories/61378", + "http://secunia.com/advisories/61431", + "http://www.debian.org/security/2014/dsa-3026", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2014/09/16/9", + "http://www.securitytracker.com/id/1030864", + "http://www.ubuntu.com/usn/USN-2352-1", + "https://bugs.freedesktop.org/show_bug.cgi?id=80919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", + "https://usn.ubuntu.com/usn/usn-2352-1" + ], + "PublishedDate": "2014-09-22T15:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0245", + "PkgName": "dbus-libs", + "InstalledVersion": "1:1.10.24-13.el7_6", + "Layer": 
{ + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", + "Title": "dbus: denial of service in dbus systemd activation", + "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0071.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", + "http://www.debian.org/security/2015/dsa-3161", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", + "http://www.openwall.com/lists/oss-security/2015/02/09/6", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", + "https://usn.ubuntu.com/usn/usn-3116-1" + ], + "PublishedDate": "2015-02-13T15:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4484", + "PkgName": "dracut", + "InstalledVersion": "033-564.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", + "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", + "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + } + }, + "References": [ + "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", + "http://www.openwall.com/lists/oss-security/2016/11/14/13", + "http://www.openwall.com/lists/oss-security/2016/11/15/1", + "http://www.openwall.com/lists/oss-security/2016/11/15/4", + "http://www.openwall.com/lists/oss-security/2016/11/16/6", + "http://www.securityfocus.com/bid/94315", + "https://access.redhat.com/articles/2786581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", + "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" + ], + "PublishedDate": "2017-01-23T21:59:00Z", + "LastModifiedDate": "2017-01-26T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + 
}, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + 
"PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-default-yama-scope", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + 
"https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: 
Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", 
+ "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-libelf", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": 
"2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10254", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", + "Title": "elfutils: Memory allocation failure in allocate_elf", + "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/2", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10255", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", + "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", + 
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/03/22/1", + "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", + "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", + "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-03-23T16:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7607", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", + "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", + "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98608", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7608", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", + "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", + "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "http://www.securityfocus.com/bid/98609", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7609", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", + "Title": "elfutils: Memory allocation failure in elf_compress.c", + "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": 
"2017-04-09T14:59:00Z", + "LastModifiedDate": "2018-06-07T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7610", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", + "Title": "elfutils: Heap-buffer overflow in the check_group function", + "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7611", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", + "Title": "elfutils: Heap-buffer overflow 
in the check_symtab_shndx function", + "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7612", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", + "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", + "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7613", + "PkgName": "elfutils-libs", + "InstalledVersion": "0.176-2.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", + "Title": "elfutils: elflint.c does not validate the number of sections and segments", + "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", + 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", + "https://security.gentoo.org/glsa/201710-10", + "https://usn.ubuntu.com/3670-1/", + "https://usn.ubuntu.com/usn/usn-3670-1" + ], + "PublishedDate": "2017-04-09T14:59:00Z", + "LastModifiedDate": "2019-06-20T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2012-6702", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", + "Title": "expat: Using XML_Parse before rand() results into non-random output", + "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/03/8", + "http://www.openwall.com/lists/oss-security/2016/06/04/1", + "http://www.securityfocus.com/bid/91483", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", + "https://security.gentoo.org/glsa/201701-21", + 
"https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-18T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2013-0340", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", + "Title": "expat: internal entity expansion", + "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2013/02/22/3", + "http://securitytracker.com/id?1028213", + "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "http://www.osvdb.org/90634", + "http://www.securityfocus.com/bid/58233", + "https://security.gentoo.org/glsa/201701-21" + ], + "PublishedDate": "2014-01-21T18:55:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2716", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", + "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", + "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-2716.html", + "http://linux.oracle.com/errata/ELSA-2015-1012.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", + "http://rhn.redhat.com/errata/RHSA-2015-0988.html", + "http://rhn.redhat.com/errata/RHSA-2015-1012.html", + "http://www.debian.org/security/2015/dsa-3260", + "http://www.debian.org/security/2015/dsa-3264", + "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/74611", + "http://www.ubuntu.com/usn/USN-2602-1", + "http://www.ubuntu.com/usn/USN-2603-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", + "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", + "https://security.gentoo.org/glsa/201605-06", + "https://usn.ubuntu.com/usn/usn-2602-1", + "https://usn.ubuntu.com/usn/usn-2603-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", + "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2015-05-14T10:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4472", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", + "Title": "expat: Undefined behavior and pointer overflows", + "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/91528", + "http://www.ubuntu.com/usn/USN-3013-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", + "https://security.gentoo.org/glsa/201701-21", + "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-30T17:59:00Z", + "LastModifiedDate": "2017-11-03T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5300", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", + "Title": "expat: Little entropy used for hash initialization", + "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q2/468", + "http://www.debian.org/security/2016/dsa-3597", + "http://www.openwall.com/lists/oss-security/2016/06/04/4", + "http://www.openwall.com/lists/oss-security/2016/06/04/5", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/91159", + "http://www.ubuntu.com/usn/USN-3010-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", + "https://security.gentoo.org/glsa/201701-21", + "https://source.android.com/security/bulletin/2016-11-01.html", + "https://usn.ubuntu.com/usn/usn-3010-1", + "https://usn.ubuntu.com/usn/usn-3013-1", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-06-16T18:59:00Z", + "LastModifiedDate": "2019-01-23T12:59:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9233", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", + "Title": "expat: Inifinite loop due to invalid XML in external entity", + "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3898", + "http://www.openwall.com/lists/oss-security/2017/06/17/7", + "http://www.securityfocus.com/bid/99276", + "http://www.securitytracker.com/id/1039427", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", + "https://github.com/libexpat/libexpat/blob/master/expat/Changes", + "https://libexpat.github.io/doc/cve-2017-9233/", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://support.f5.com/csp/article/K03244804", + "https://usn.ubuntu.com/usn/usn-3356-1", + "https://usn.ubuntu.com/usn/usn-3356-2" + ], + "PublishedDate": "2017-07-25T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20843", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", + "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", + "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", + "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", + "https://github.com/libexpat/libexpat/issues/186", + "https://github.com/libexpat/libexpat/pull/262", + "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", + "https://seclists.org/bugtraq/2019/Jun/39", + "https://security.netapp.com/advisory/ntap-20190703-0001/", + "https://usn.ubuntu.com/4040-1/", + "https://usn.ubuntu.com/4040-2/", + "https://usn.ubuntu.com/usn/usn-4040-1", + "https://usn.ubuntu.com/usn/usn-4040-2", + "https://www.debian.org/security/2019/dsa-4472" + ], + "PublishedDate": "2019-06-24T17:15:00Z", + "LastModifiedDate": "2019-06-26T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9063", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", + "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", + "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94337", + "http://www.securitytracker.com/id/1037298", + "http://www.securitytracker.com/id/1039427", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", + "https://usn.ubuntu.com/usn/usn-3124-1", + "https://www.debian.org/security/2017/dsa-3898", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", + "https://www.mozilla.org/security/advisories/mfsa2016-89/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-07-30T18:31:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15903", + "PkgName": "expat", + "InstalledVersion": "2.1.0-10.el7_3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", + "Title": "expat: heap-based buffer over-read via crafted XML input", + "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15903.html", + "http://linux.oracle.com/errata/ELSA-2019-3237.html", + "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", + "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", + "https://github.com/libexpat/libexpat/issues/317", + "https://github.com/libexpat/libexpat/issues/342", + "https://github.com/libexpat/libexpat/pull/318", + "https://seclists.org/bugtraq/2019/Sep/30", + "https://usn.ubuntu.com/4132-1/", + "https://usn.ubuntu.com/4132-2/", + "https://usn.ubuntu.com/usn/usn-4132-1", + "https://usn.ubuntu.com/usn/usn-4132-2", + "https://usn.ubuntu.com/usn/usn-4165-1", + "https://usn.ubuntu.com/usn/usn-4202-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" + ], + "PublishedDate": "2019-09-04T06:15:00Z", + "LastModifiedDate": "2019-09-12T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9620", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", + "Title": "file: limit the number of ELF notes processed", + "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0040.html", + "http://linux.oracle.com/cve/CVE-2014-9620.html", + "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
+ "http://mx.gw.com/pipermail/file/2014/001653.html", + "http://mx.gw.com/pipermail/file/2015/001660.html", + "http://rhn.redhat.com/errata/RHSA-2016-0760.html", + "http://www.debian.org/security/2015/dsa-3121", + "http://www.openwall.com/lists/oss-security/2015/01/17/9", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/71715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", + "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", + "https://security.gentoo.org/glsa/201503-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/usn/usn-3686-1" + ], + "PublishedDate": "2015-01-21T18:59:00Z", + "LastModifiedDate": "2018-06-16T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8865", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", + "Title": "file: Buffer over-write in finfo_open with malformed magic file", + "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.6 + } + }, + "References": [ + "http://bugs.gw.com/view.php?id=522", + 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", + "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://www.debian.org/security/2016/dsa-3560", + "http://www.openwall.com/lists/oss-security/2016/04/11/7", + "http://www.openwall.com/lists/oss-security/2016/04/24/1", + "http://www.php.net/ChangeLog-5.php", + "http://www.php.net/ChangeLog-7.php", + "http://www.securityfocus.com/bid/85802", + "http://www.ubuntu.com/usn/USN-2952-1", + "http://www.ubuntu.com/usn/USN-2952-2", + "https://bugs.php.net/bug.php?id=71527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", + "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201611-22", + "https://security.gentoo.org/glsa/201701-42", + "https://support.apple.com/HT206567", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-2952-1", + "https://usn.ubuntu.com/usn/usn-2984-1", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2016-05-20T10:59:00Z", + "LastModifiedDate": "2018-06-30T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-10360", + "PkgName": "file-libs", + "InstalledVersion": "5.11-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", + "Title": "file: out-of-bounds read via a crafted ELF file", + "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", + "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", + "https://security.gentoo.org/glsa/201806-08", + "https://usn.ubuntu.com/3686-1/", + "https://usn.ubuntu.com/3686-2/", + "https://usn.ubuntu.com/usn/usn-3686-1", + "https://usn.ubuntu.com/usn/usn-3686-2" + ], + "PublishedDate": "2018-06-11T10:29:00Z", + "LastModifiedDate": "2019-05-02T14:40:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010180", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010180", + "Title": "gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution", + "Description": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. 
The fixed version is: Not fixed yet.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", + "V3Score": 6.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/109367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010180", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23657" + ], + "PublishedDate": "2019-07-24T13:15:00Z", + "LastModifiedDate": "2019-10-31T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" 
+ ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + 
"redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9778", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9778", + "Title": "gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion", + "Description": "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. 
This can, for example, impede efforts to analyze malware with GDB.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99244", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21600" + ], + "PublishedDate": "2017-06-21T07:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "gdb-gdbserver", + "InstalledVersion": "7.6.1-115.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + 
"https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8385", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", + "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", + "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8385.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85572", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": 
"2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2016-3191", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", + "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", + "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-3191.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/84810", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.debian.org/815920", + "https://bugs.debian.org/815921", + "https://bugs.exim.org/show_bug.cgi?id=1791", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1311503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", + "https://usn.ubuntu.com/usn/usn-2943-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2016-03-17T23:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2327", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", + "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", + "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.fortiguard.com/advisory/FG-VD-15-010/", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/74924", + "https://bugs.exim.org/show_bug.cgi?id=1503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", + "https://jira.mongodb.org/browse/SERVER-17252", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": 
"CVE-2015-2328", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", + "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", + "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-2328.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.fortiguard.com/advisory/FG-VD-15-014/", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/74924", + "https://bugs.exim.org/show_bug.cgi?id=1515", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", + "https://jira.mongodb.org/browse/SERVER-17252", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3217", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + 
"Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", + "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", + "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-3217.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/03/7", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75018", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1638", + "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5073", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5073", + "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", + "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5073.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", + "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/06/26/1", + "http://www.openwall.com/lists/oss-security/2015/06/26/3", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/75430", + "http://www.securitytracker.com/id/1033154", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bugs.exim.org/show_bug.cgi?id=1651", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2694-1", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2016-12-13T16:59:00Z", + "LastModifiedDate": "2018-05-18T01:29:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2015-8387", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8388", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", + "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion 
with excess closing parenthesis (8.38/18)", + "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119", + "CWE-185" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8388.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/85576", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE 
before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8391", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", + "Title": "pcre: inefficient posix character class syntax check (8.38/16)", + "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", + "V2Score": 9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8391.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + 
"Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12450", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", + "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", + "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-12450.html", + "http://linux.oracle.com/errata/ELSA-2019-3530.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", + "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", + "https://security.netapp.com/advisory/ntap-20190606-0003/", + "https://usn.ubuntu.com/4014-1/", + "https://usn.ubuntu.com/4014-2/", + "https://usn.ubuntu.com/usn/usn-4014-1", + "https://usn.ubuntu.com/usn/usn-4014-2" + ], + "PublishedDate": "2019-05-29T17:29:00Z", + "LastModifiedDate": "2019-06-11T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9633", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", + "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", + "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", + "Severity": "MEDIUM", + "CweIDs": [ + 
"CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107391", + "https://gitlab.gnome.org/GNOME/glib/issues/1649" + ], + "PublishedDate": "2019-03-08T08:29:00Z", + "LastModifiedDate": "2019-03-14T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8386", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", + "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-8386.html", + "http://linux.oracle.com/errata/ELSA-2016-1025.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://rhn.redhat.com/errata/RHSA-2016-1025.html", + "http://rhn.redhat.com/errata/RHSA-2016-2750.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "http://www.securityfocus.com/bid/82990", + "https://access.redhat.com/errata/RHSA-2016:1132", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2019-12-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16428", + "PkgName": 
"glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", + "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", + "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105210", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", + "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", + "https://gitlab.gnome.org/GNOME/glib/issues/1364", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + ], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16429", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", + "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", + "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", + "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", + "https://gitlab.gnome.org/GNOME/glib/issues/1361", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://usn.ubuntu.com/3767-1/", + "https://usn.ubuntu.com/3767-2/", + "https://usn.ubuntu.com/usn/usn-3767-1", + "https://usn.ubuntu.com/usn/usn-3767-2" + ], + "PublishedDate": "2018-09-04T00:29:00Z", + "LastModifiedDate": "2019-07-31T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13012", + "PkgName": "glib2", + "InstalledVersion": "2.56.1-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", + "Title": "glib2: insecure permissions for files and directories", + "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. 
This is similar to CVE-2019-12450.", + "Severity": "LOW", + "CweIDs": [ + "CWE-275" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", + "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", + "https://gitlab.gnome.org/GNOME/glib/issues/1658", + "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", + "https://security.netapp.com/advisory/ntap-20190806-0003/", + "https://usn.ubuntu.com/4049-1/", + "https://usn.ubuntu.com/4049-2/", + "https://usn.ubuntu.com/usn/usn-4049-1", + "https://usn.ubuntu.com/usn/usn-4049-2", + "https://usn.ubuntu.com/usn/usn-4049-3", + "https://usn.ubuntu.com/usn/usn-4049-4" + ], + "PublishedDate": "2019-06-28T15:15:00Z", + "LastModifiedDate": "2019-07-29T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or 
trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + 
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + 
"https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + 
"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + "http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) 
or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ 
+ "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc", + 
"InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + 
"References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "glibc", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid 
binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8983", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", + "Title": "glibc: _IO_wstr_overflow integer overflow", + "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/22/15", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72740", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1234", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", + "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", + "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 4.8 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + "http://www.openwall.com/lists/oss-security/2016/03/07/16", + "http://www.securityfocus.com/bid/84204", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", + "https://security.gentoo.org/glsa/201702-11", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2016-06-01T20:59:00Z", + "LastModifiedDate": "2019-05-31T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8804", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", + "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", + "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/05/05/2", + "http://www.securityfocus.com/bid/98339", + "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", + "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" + ], + "PublishedDate": "2017-05-07T18:29:00Z", + "LastModifiedDate": "2017-05-16T01:34:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010022", + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-07-18T15:44:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4043", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", + "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", + "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", + "Severity": "LOW", + "CweIDs": [ + "CWE-94" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", + "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", + "http://seclists.org/fulldisclosure/2019/Jun/18", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", + "http://www.openwall.com/lists/oss-security/2014/06/13/2", + "http://www.securityfocus.com/bid/68006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", + 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", + "https://seclists.org/bugtraq/2019/Jun/14", + "https://security.gentoo.org/glsa/201503-04", + "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "https://usn.ubuntu.com/usn/usn-2306-1" + ], + "PublishedDate": "2014-10-06T23:55:00Z", + "LastModifiedDate": "2019-06-13T21:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8982", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", + "Title": "glibc: multiple overflows in strxfrm()", + "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 2.6 + } + }, + "References": [ + 
"http://openwall.com/lists/oss-security/2015/09/08/2", + "http://www.openwall.com/lists/oss-security/2015/02/13/3", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", + "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "https://usn.ubuntu.com/usn/usn-3239-1" + ], + "PublishedDate": "2017-03-15T19:59:00Z", + "LastModifiedDate": "2017-03-17T12:26:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8984", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", + "Title": "glibc: potential denial of service in internal_fnmatch()", + "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2015/02/26/5", + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/72789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", + 
"https://usn.ubuntu.com/usn/usn-3239-1", + "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2017-03-22T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 
2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4429", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", + "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", + "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", + "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", + 
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.securityfocus.com/bid/102073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", + "https://source.android.com/security/bulletin/2017-12-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "https://usn.ubuntu.com/3759-1/", + "https://usn.ubuntu.com/3759-2/", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3759-1", + "https://usn.ubuntu.com/usn/usn-3759-2" + ], + "PublishedDate": "2016-06-10T15:59:00Z", + "LastModifiedDate": "2019-03-22T17:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15671", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", + "Title": "glibc: Memory leak in glob with GLOB_TILDE", + "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" + ], + "PublishedDate": "2017-10-20T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgName": 
"glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-07-15T04:15:00Z", + "LastModifiedDate": "2019-10-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19126", + "PkgName": "glibc-common", + "InstalledVersion": "2.17-292.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", + "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", + "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass 
ASLR for a setuid program.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + ], + "PublishedDate": "2019-11-19T22:15:00Z", + "LastModifiedDate": "2020-01-21T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-4617", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", + "Title": "gnupg: infinite loop when decompressing data packets", + "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", + "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", + "http://secunia.com/advisories/59213", + "http://secunia.com/advisories/59351", + 
"http://secunia.com/advisories/59534", + "http://secunia.com/advisories/59578", + "http://www.debian.org/security/2014/dsa-2967", + "http://www.debian.org/security/2014/dsa-2968", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "http://www.ubuntu.com/usn/USN-2258-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", + "https://usn.ubuntu.com/usn/usn-2258-1" + ], + "PublishedDate": "2014-06-25T11:19:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1606", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", + "Title": "gnupg2: invalid memory read using a garbled keyring", + "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securitytracker.com/id/1031876", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:33:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1607", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", + "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", + "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", + "http://www.openwall.com/lists/oss-security/2015/02/13/14", + "http://www.openwall.com/lists/oss-security/2015/02/14/6", + "http://www.securityfocus.com/bid/72610", + "http://www.ubuntu.com/usn/usn-2554-1/", + "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://usn.ubuntu.com/usn/usn-2554-1" + ], + "PublishedDate": "2019-11-20T19:15:00Z", + "LastModifiedDate": "2019-11-22T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2018-9234", + "PkgName": "gnupg2", + "InstalledVersion": "2.0.22-5.el7_5", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", + "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", + "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
+ "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 2.2 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", + "https://dev.gnupg.org/T3844", + "https://usn.ubuntu.com/3675-1/", + "https://usn.ubuntu.com/usn/usn-3675-1" + ], + "PublishedDate": "2018-04-04T00:29:00Z", + "LastModifiedDate": "2019-02-27T19:37:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3564", + "PkgName": "gpgme", + "InstalledVersion": "1.3.2-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", + "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", + "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", + "http://seclists.org/oss-sec/2014/q3/266", + "http://www.debian.org/security/2014/dsa-3005", + "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "http://www.osvdb.org/109699", + "http://www.securityfocus.com/bid/68990", + "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", + "https://usn.ubuntu.com/usn/usn-2307-1" + ], + "PublishedDate": "2014-10-20T17:55:00Z", + "LastModifiedDate": "2016-10-18T03:44:00Z" + }, + 
{ + "VulnerabilityID": "CVE-2014-5351", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", + "Title": "krb5: current keys returned when randomizing the keys for a service principal", + "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0477.html", + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", + "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", + "http://security.gentoo.org/glsa/glsa-201412-53.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", + "http://www.securityfocus.com/bid/70380", + "http://www.securitytracker.com/id/1031003", + "http://www.ubuntu.com/usn/USN-2498-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", + "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", + "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", + 
"https://usn.ubuntu.com/usn/usn-2498-1" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2020-01-21T15:46:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2695", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", + "Title": "krb5: SPNEGO context aliasing bugs", + "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/90687", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", + "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + 
"LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2696", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", + "Title": "krb5: IAKERB context aliasing flaw", + "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-18" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.securityfocus.com/bid/90675", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", + "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2697", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", + "Title": "krb5: build_principal() memory flaw", + "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "V2Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", + "http://www.debian.org/security/2015/dsa-3395", + "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "http://www.securityfocus.com/bid/77581", + "http://www.securitytracker.com/id/1034084", + "http://www.ubuntu.com/usn/USN-2810-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", + "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", + "https://security.gentoo.org/glsa/201611-14", + "https://usn.ubuntu.com/usn/usn-2810-1" + ], + "PublishedDate": "2015-11-09T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15088", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", + "Title": "krb5: Buffer overflow in get_matching_data()", + "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101594", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", + "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", + "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", + "https://github.com/krb5/krb5/pull/707" + ], + "PublishedDate": "2017-11-23T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:24:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20217", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", + "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", + "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 3.5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", + "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", + "https://security.netapp.com/advisory/ntap-20190416-0006/" + ], + "PublishedDate": "2018-12-26T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11462", + "PkgName": "krb5-libs", + "InstalledVersion": "1.15.1-37.el7_7.2", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", + "Title": "krb5: Automatic sec context deletion could lead to double-free", + "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + 
"References": [ + "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", + "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", + "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" + ], + "PublishedDate": "2017-09-13T16:29:00Z", + "LastModifiedDate": "2020-01-21T15:47:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + 
"PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libblkid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page 
global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0247", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-16.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", + "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", + "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "V2Score": 6.9 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0061.html", + "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", + 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.ocert.org/advisories/ocert-2015-002.html", + "http://www.securityfocus.com/archive/1/534633/100/0/threaded", + "http://www.securityfocus.com/bid/72520", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", + "https://security.gentoo.org/glsa/201701-06", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-17T15:59:00Z", + "LastModifiedDate": "2018-10-09T19:55:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-16.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-16.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1572", + "PkgName": "libcom_err", + "InstalledVersion": "1.42.9-16.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", + "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", + "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2015-0088.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", + "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", + "http://www.debian.org/security/2015/dsa-3166", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", + "http://www.securityfocus.com/bid/72709", + "http://www.ubuntu.com/usn/USN-2507-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", + "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", + "https://security.gentoo.org/glsa/201507-22", + "https://usn.ubuntu.com/usn/usn-2507-1" + ], + "PublishedDate": "2015-02-24T15:59:00Z", + "LastModifiedDate": "2017-11-08T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-3153", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", + "Title": "curl: sensitive HTTP server headers also sent to proxies", + "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20150429.html", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", + "http://www.debian.org/security/2015/dsa-3240", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "http://www.securityfocus.com/bid/74408", + "http://www.securitytracker.com/id/1032233", + "http://www.ubuntu.com/usn/USN-2591-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", + "https://support.apple.com/kb/HT205031", + "https://usn.ubuntu.com/usn/usn-2591-1" + ], + "PublishedDate": "2015-05-01T15:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8615", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", + "Title": "curl: Cookie injection for other servers", + "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8615.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94096", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", + "https://curl.haxx.se/CVE-2016-8615.patch", + "https://curl.haxx.se/docs/adv_20161102A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8617", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", + "Title": "curl: Out-of-bounds write via unchecked multiplication", + "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8617.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94097", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "https://curl.haxx.se/CVE-2016-8617.patch", + "https://curl.haxx.se/docs/adv_20161102C.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8618", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", + "Title": "curl: Double-free in curl_maprintf", + "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8618.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94098", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", + "https://curl.haxx.se/docs/adv_20161102D.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8619", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", + "Title": "curl: Double-free in krb5 code", + "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2016-8619.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94100", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", + "https://curl.haxx.se/CVE-2016-8619.patch", + "https://curl.haxx.se/docs/adv_20161102E.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8624", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", + "Title": "curl: Invalid URL parsing with '#'", + "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8624.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94103", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", + "https://curl.haxx.se/docs/adv_20161102J.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8625", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", + "Title": "curl: IDNA 2003 makes curl use wrong host", + "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], 
+ "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8625.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.securityfocus.com/bid/94107", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "https://curl.haxx.se/CVE-2016-8625.patch", + "https://curl.haxx.se/docs/adv_20161102K.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", + "https://security.gentoo.org/glsa/201701-47", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000254", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", + "Title": "curl: FTP PWD response parser out of bounds read", + "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/101115", + "http://www.securitytracker.com/id/1039509", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/673d0cd8.patch", + "https://curl.haxx.se/docs/adv_20171004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", + "https://security.gentoo.org/glsa/201712-04", + "https://support.apple.com/HT208331", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + 
"PublishedDate": "2017-10-06T13:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8817", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", + "Title": "curl: FTP wildcard out of bounds read", + "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=162", + "http://www.securityfocus.com/bid/102057", + "http://www.securitytracker.com/id/1039897", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_2017-ae72.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", + "https://security.gentoo.org/glsa/201712-04", + "https://usn.ubuntu.com/usn/usn-3498-1", + "https://usn.ubuntu.com/usn/usn-3498-2", + "https://www.debian.org/security/2017/dsa-4051" + ], + "PublishedDate": "2017-11-29T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20483", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", + "Title": "wget: Information exposure in set_file_metadata function in xattr.c", + "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 2.1, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", + "http://linux.oracle.com/cve/CVE-2018-20483.html", + "http://linux.oracle.com/errata/ELSA-2019-3701.html", + "http://www.securityfocus.com/bid/106358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", + "https://security.gentoo.org/glsa/201903-08", + "https://security.netapp.com/advisory/ntap-20190321-0002/", + "https://twitter.com/marcan42/status/1077676739877232640", + "https://usn.ubuntu.com/3943-1/", + "https://usn.ubuntu.com/usn/usn-3943-1" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-04-09T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", + "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", + "https://usn.ubuntu.com/usn/usn-4129-1", + "https://usn.ubuntu.com/usn/usn-4129-2" + ], + "PublishedDate": "2019-09-16T19:15:00Z", + "LastModifiedDate": "2019-09-18T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-0755", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", + "Title": "curl: NTLM credentials not-checked for proxy connection re-use", + "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 5, + 
"V3Score": 7.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V2Score": 4 + } + }, + "References": [ + "http://curl.haxx.se/docs/adv_20160127A.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", + "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", + "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", + "http://www.debian.org/security/2016/dsa-3455", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/82307", + "http://www.securitytracker.com/id/1034882", + "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", + "http://www.ubuntu.com/usn/USN-2882-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", + "https://security.gentoo.org/glsa/201701-47", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-2882-1" + ], + "PublishedDate": "2016-01-29T20:59:00Z", + "LastModifiedDate": "2018-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8616", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", + "Title": "curl: Case insensitive password comparison", + "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8616.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94094", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "https://curl.haxx.se/CVE-2016-8616.patch", + "https://curl.haxx.se/docs/adv_20161102B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8621", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", + "Title": "curl: curl_getdate out-of-bounds read", + 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8621.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94101", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", + "https://curl.haxx.se/CVE-2016-8621.patch", + "https://curl.haxx.se/docs/adv_20161102G.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T22:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8622", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", + "Title": "curl: URL unescape heap overflow via integer truncation", + "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8622.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94105", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", + "https://curl.haxx.se/docs/adv_20161102H.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-07-31T21:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-8623", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", + "Title": "curl: Use-after-free via shared cookies", + "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-8623.html", + "http://linux.oracle.com/errata/ELSA-2019-4652.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/94106", + "http://www.securitytracker.com/id/1037192", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", + "https://curl.haxx.se/CVE-2016-8623.patch", + "https://curl.haxx.se/docs/adv_20161102I.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3123-1", + "https://www.tenable.com/security/tns-2016-21" + ], + "PublishedDate": "2018-08-01T06:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9586", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", + "Title": "curl: printf floating point buffer overflow", + "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95019", + "http://www.securitytracker.com/id/1037515", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", + "https://curl.haxx.se/docs/adv_20161221A.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", + "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", + "https://security.gentoo.org/glsa/201701-47", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2018-04-23T18:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000100", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", + "Title": "curl: TFTP sends more than buffer size", + "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3992", + "http://www.securityfocus.com/bid/100286", + "http://www.securitytracker.com/id/1039118", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170809B.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", + "https://security.gentoo.org/glsa/201709-14", + "https://support.apple.com/HT208221", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-10-05T01:29:00Z", + "LastModifiedDate": "2018-11-13T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7407", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", + "Title": "curl: --write-out out of bounds read", + "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 2.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 1.8 + } + }, + "References": [ + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", + "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "https://security.gentoo.org/glsa/201709-14", + "https://usn.ubuntu.com/usn/usn-3441-1", + "https://usn.ubuntu.com/usn/usn-3441-2" + ], + "PublishedDate": "2017-04-03T20:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "libcurl", + "InstalledVersion": "7.29.0-54.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/", + "https://usn.ubuntu.com/usn/usn-3993-1", + "https://usn.ubuntu.com/usn/usn-3993-2" + ], + "PublishedDate": "2019-05-28T19:29:00Z", + "LastModifiedDate": "2019-06-09T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "libdb", + "InstalledVersion": "5.3.21-25.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + 
"https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10140", + "PkgName": "libdb-utils", + "InstalledVersion": "5.3.21-25.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", + "Title": "libdb: Reads DB_CONFIG from the current working directory", + "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://seclists.org/oss-sec/2017/q3/285", + "http://www.openwall.com/lists/oss-security/2017/08/12/1", + "http://www.postfix.org/announcements/postfix-3.2.2.html", + "https://access.redhat.com/errata/RHSA-2019:0366", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", + "https://usn.ubuntu.com/usn/usn-3489-1", + "https://usn.ubuntu.com/usn/usn-3489-2" + ], + "PublishedDate": "2018-04-16T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in 
libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4487", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + 
"SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + 
"https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in 
a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "libgcc", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5270", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", + "Title": "libgcrypt: ELGAMAL side-channel attack", + "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", + "http://openwall.com/lists/oss-security/2014/08/16/2", + "http://www.cs.tau.ac.il/~tromer/handsoff/", + 
"http://www.debian.org/security/2014/dsa-3024", + "http://www.debian.org/security/2014/dsa-3073", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", + "https://usn.ubuntu.com/usn/usn-2339-1", + "https://usn.ubuntu.com/usn/usn-2339-2" + ], + "PublishedDate": "2014-10-10T01:55:00Z", + "LastModifiedDate": "2017-11-04T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7526", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", + "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", + "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/99338", + "http://www.securitytracker.com/id/1038915", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", + "https://eprint.iacr.org/2017/627", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", + "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", + "https://usn.ubuntu.com/3733-1/", + "https://usn.ubuntu.com/3733-2/", + "https://usn.ubuntu.com/usn/usn-3347-1", + "https://usn.ubuntu.com/usn/usn-3347-2", + "https://usn.ubuntu.com/usn/usn-3733-1", + "https://usn.ubuntu.com/usn/usn-3733-2", + "https://www.debian.org/security/2017/dsa-3901", + "https://www.debian.org/security/2017/dsa-3960" + ], + "PublishedDate": "2018-07-26T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2014-3591", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", + "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", + "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.cs.tau.ac.il/~tromer/radioexp/", + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + "https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2015-0837", + "PkgName": "libgcrypt", + "InstalledVersion": "1.5.3-14.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", + "Title": "libgcrypt: last-level cache side-channel attack", + "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 1.2 + } + }, + "References": [ + "http://www.debian.org/security/2015/dsa-3184", + "http://www.debian.org/security/2015/dsa-3185", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", + "https://ieeexplore.ieee.org/document/7163050", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", + 
"https://usn.ubuntu.com/usn/usn-2554-1", + "https://usn.ubuntu.com/usn/usn-2555-1" + ], + "PublishedDate": "2019-11-29T22:15:00Z", + "LastModifiedDate": "2019-12-14T13:59:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2059", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", + "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", + "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3578", + "http://www.openwall.com/lists/oss-security/2015/02/23/25", + "http://www.securityfocus.com/bid/72736", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", + "https://github.com/jabberd2/jabberd2/issues/85", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2015-08-12T14:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2015-8948", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", + "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", + "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6261", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", + "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", + "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", + "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6262", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", + "Title": "libidn: Out-of-bounds read when reading zero byte as input", + 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6263", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", + "Title": "libidn: Crash when given invalid UTF-8 data on input", + "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 2.6, + "V3Score": 3.7 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", + "http://www.debian.org/security/2016/dsa-3658", + "http://www.openwall.com/lists/oss-security/2016/07/20/6", + "http://www.openwall.com/lists/oss-security/2016/07/21/4", + "http://www.securityfocus.com/bid/92070", + "http://www.ubuntu.com/usn/USN-3068-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", + "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", + "https://usn.ubuntu.com/usn/usn-3068-1" + ], + "PublishedDate": "2016-09-07T20:59:00Z", + "LastModifiedDate": "2016-11-28T20:31:00Z" + }, + { + "VulnerabilityID": "CVE-2017-14062", + "PkgName": "libidn", + "InstalledVersion": "1.28-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", + "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", + "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.debian.org/security/2017/dsa-3988", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", + "https://gitlab.com/libidn/libidn2/blob/master/NEWS", + "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", + "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", + "https://usn.ubuntu.com/usn/usn-3421-1", + "https://usn.ubuntu.com/usn/usn-3434-1", + "https://usn.ubuntu.com/usn/usn-3434-2" + ], + "PublishedDate": "2017-08-31T16:29:00Z", + "LastModifiedDate": "2020-02-18T19:27:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + 
"https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libmount", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0553", + "PkgName": "libnl", + "InstalledVersion": "1.1.4-3.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0553", + "Title": "libnl: Integer overflow in nlmsg_reserve()", + "Description": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. 
NOTE: this issue also exists in the upstream libnl before 3.3.0 library.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 7.6, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb", + "http://linux.oracle.com/cve/CVE-2017-0553.html", + "http://linux.oracle.com/errata/ELSA-2017-2299.html", + "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html", + "http://www.securityfocus.com/bid/97340", + "http://www.securitytracker.com/id/1038201", + "http://www.ubuntu.com/usn/USN-3311-2", + "https://access.redhat.com/errata/RHSA-2017:2299", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/", + "https://source.android.com/security/bulletin/2017-04-01", + "https://usn.ubuntu.com/usn/usn-3311-1", + "https://usn.ubuntu.com/usn/usn-3311-1/", + "https://usn.ubuntu.com/usn/usn-3311-2" + ], + "PublishedDate": "2017-04-07T22:59:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libsmartcols", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": 
[ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libsmartcols", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + 
} + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libsmartcols", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13115", + "PkgName": "libssh2", + "InstalledVersion": "1.8.0-3.el7", + "Layer": { + 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", + "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", + "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 6.8 + } + }, + "References": [ + "https://blog.semmle.com/libssh2-integer-overflow/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", + "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", + "https://github.com/libssh2/libssh2/pull/350", + "https://libssh2.org/changes.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" + ], + "PublishedDate": "2019-07-16T18:15:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17498", + "PkgName": "libssh2", + "InstalledVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", + "Title": "libssh2: integer overflow in 
SSH_MSG_DISCONNECT logic in packet.c", + "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", + "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", + "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", + "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", + "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", + "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" + ], + "PublishedDate": "2019-10-21T22:15:00Z", + "LastModifiedDate": "2019-11-07T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3859", + "PkgName": "libssh2", + "InstalledVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", + "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in 
out-of-bounds read", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", + "https://github.com/libssh2/libssh2/pull/315", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", + "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", + "https://seclists.org/bugtraq/2019/Apr/25", + 
"https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3859.html" + ], + "PublishedDate": "2019-03-21T16:01:00Z", + "LastModifiedDate": "2019-07-25T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3860", + "PkgName": "libssh2", + "InstalledVersion": "1.8.0-3.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", + "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", + "https://github.com/libssh2/libssh2/pull/316", + "https://libssh2.org/CVE-2019-3860.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + 
"https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3860.html" + ], + "PublishedDate": "2019-03-25T19:29:00Z", + "LastModifiedDate": "2019-04-15T12:31:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5044", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", + "Title": "gcc: integer overflow flaws in libgfortran", + "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2014/07/23/7", + "http://www.openwall.com/lists/oss-security/2014/07/24/1", + "http://www.openwall.com/lists/oss-security/2014/07/31/6", + "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", + "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", + "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" + ], + "PublishedDate": "2018-03-07T15:29:00Z", + "LastModifiedDate": "2018-03-27T23:48:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { 
+ "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" + ], + "PublishedDate": "2019-01-04T18:29:00Z", + "LastModifiedDate": "2019-01-15T14:36:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5276", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", + "Title": "gcc: Predictable randomness from std::random_device", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", + "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", + "http://www.securitytracker.com/id/1034375", + "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", + "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" + ], + "PublishedDate": "2015-11-17T15:59:00Z", + "LastModifiedDate": "2019-02-12T19:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2226", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", + "Title": "gcc: Exploitable buffer overflow", + "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 6.8, + "V3Score": 3.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90103", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1", + "https://www.exploit-db.com/exploits/42386/" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-08-12T01:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2016-4487", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", + "Title": "gcc: Invalid write due to a use-after-free to array btypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4488", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", + "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", + "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and 
crash) via a crafted binary, related to \"ktypevec.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 5.1, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90025", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4489", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", + "Title": "gcc: Invalid write due to integer overflow", + "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4490", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", + "Title": "gcc: Write access violation", + "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4, + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90019", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4491", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + 
"Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", + "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", + "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90016", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4492", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", + "Title": "gcc: Read access violations", + "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4493", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", + "Title": "gcc: Read access violations", + "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 2.6, + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/05/05/5", + "http://www.securityfocus.com/bid/90014", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", + 
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", + "https://usn.ubuntu.com/usn/usn-3337-1", + "https://usn.ubuntu.com/usn/usn-3367-1", + "https://usn.ubuntu.com/usn/usn-3368-1" + ], + "PublishedDate": "2017-02-24T20:59:00Z", + "LastModifiedDate": "2017-07-28T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20657", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", + "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20657.html", + "http://linux.oracle.com/errata/ELSA-2019-3352.html", + "http://www.securityfocus.com/bid/106444", + "https://access.redhat.com/errata/RHSA-2019:3352", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", + "https://support.f5.com/csp/article/K62602089" + ], + "PublishedDate": "2019-01-02T14:29:00Z", + "LastModifiedDate": "2019-11-06T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14250", + "PkgName": "libstdc++", + "InstalledVersion": "4.8.5-39.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-14250", + "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109354", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", + "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", + "https://security.netapp.com/advisory/ntap-20190822-0002/" + ], + "PublishedDate": "2019-07-24T04:15:00Z", + "LastModifiedDate": "2019-08-22T07:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4008", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", + "Title": "libtasn1: infinite loop while parsing DER certificates", + "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + 
} + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", + "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", + "http://www.debian.org/security/2016/dsa-3568", + "http://www.openwall.com/lists/oss-security/2016/04/11/3", + "http://www.ubuntu.com/usn/USN-2957-1", + "http://www.ubuntu.com/usn/USN-2957-2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", + "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", + "https://security.gentoo.org/glsa/201703-05", + "https://usn.ubuntu.com/usn/usn-2957-1", + "https://usn.ubuntu.com/usn/usn-2957-2" + ], + "PublishedDate": "2016-05-05T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6003", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", + "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", + "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", + "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", + "https://bugzilla.suse.com/show_bug.cgi?id=1076832", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", + "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", + "https://usn.ubuntu.com/usn/usn-3547-1", + "https://www.debian.org/security/2018/dsa-4106" + ], + "PublishedDate": "2018-01-22T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10790", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", + "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", + "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/3547-1/", + "https://usn.ubuntu.com/usn/usn-3547-1", + "https://www.debian.org/security/2018/dsa-4106" + ], + "PublishedDate": "2017-07-02T03:29:00Z", + "LastModifiedDate": "2018-03-16T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6891", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", + "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", + "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.debian.org/security/2017/dsa-3861", + "http://www.securityfocus.com/bid/98641", + "http://www.securitytracker.com/id/1038619", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", + "https://secuniaresearch.flexerasoftware.com/advisories/76125/", + "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", + "https://security.gentoo.org/glsa/201710-11", + "https://usn.ubuntu.com/usn/usn-3309-1", + "https://usn.ubuntu.com/usn/usn-3309-2" + ], + "PublishedDate": "2017-05-22T19:29:00Z", + "LastModifiedDate": "2019-06-05T15:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000654", + "PkgName": "libtasn1", + "InstalledVersion": "4.10-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", + "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", + "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.securityfocus.com/bid/105151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", + "https://gitlab.com/gnutls/libtasn1/issues/4" + ], + "PublishedDate": "2018-08-20T19:31:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "libuuid", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5131", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", + "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", + "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", + "http://rhn.redhat.com/errata/RHSA-2016-1485.html", + "http://www.debian.org/security/2016/dsa-3637", + "http://www.securityfocus.com/bid/92053", + "http://www.securitytracker.com/id/1036428", + "http://www.securitytracker.com/id/1038623", + "http://www.ubuntu.com/usn/USN-3041-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", + "https://codereview.chromium.org/2127493002", + "https://crbug.com/623378", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "https://security.gentoo.org/glsa/201610-09", + "https://security.gentoo.org/glsa/201701-37", + "https://source.android.com/security/bulletin/2017-05-01", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3041-1", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-07-23T19:59:00Z", 
+ "LastModifiedDate": "2019-03-26T17:14:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15412", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", + "Title": "chromium-browser: use after free in libxml", + "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.securitytracker.com/id/1040348", + "https://access.redhat.com/errata/RHSA-2017:3401", + "https://access.redhat.com/errata/RHSA-2018:0287", + "https://bugzilla.gnome.org/show_bug.cgi?id=783160", + "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "https://crbug.com/727039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", + "https://security.gentoo.org/glsa/201801-03", + "https://usn.ubuntu.com/usn/usn-3513-1", + "https://usn.ubuntu.com/usn/usn-3513-1/", + "https://usn.ubuntu.com/usn/usn-3513-2", + "https://www.debian.org/security/2018/dsa-4086" + ], + "PublishedDate": "2018-08-28T19:29:00Z", + "LastModifiedDate": "2018-10-25T11:35:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8035", + "PkgName": "libxml2", + "InstalledVersion": 
"2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", + "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", + "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", + "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", + "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", + "http://rhn.redhat.com/errata/RHSA-2016-1089.html", + "http://www.debian.org/security/2015/dsa-3430", + "http://www.openwall.com/lists/oss-security/2015/11/02/2", + "http://www.openwall.com/lists/oss-security/2015/11/02/4", + "http://www.openwall.com/lists/oss-security/2015/11/03/1", + "http://www.securityfocus.com/bid/77390", + "http://www.securitytracker.com/id/1034243", + "http://www.ubuntu.com/usn/USN-2812-1", + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=757466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", + 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT206166", + "https://support.apple.com/HT206167", + "https://support.apple.com/HT206168", + "https://support.apple.com/HT206169", + "https://usn.ubuntu.com/usn/usn-2812-1" + ], + "PublishedDate": "2015-11-18T16:59:00Z", + "LastModifiedDate": "2019-03-08T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4483", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", + "Title": "libxml2: out-of-bounds read", + "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3593", + "http://www.openwall.com/lists/oss-security/2016/05/03/8", + "http://www.openwall.com/lists/oss-security/2016/05/04/7", + "http://www.openwall.com/lists/oss-security/2016/06/07/4", + "http://www.openwall.com/lists/oss-security/2016/06/07/5", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/90013", + "http://www.securitytracker.com/id/1036348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", + "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", + "https://security.gentoo.org/glsa/201701-37", + "https://usn.ubuntu.com/usn/usn-2994-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9318", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", + "Title": "libxml2: XML External Entity vulnerability", + "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V2Score": 5.8, + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94347", + "https://bugzilla.gnome.org/show_bug.cgi?id=772726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", + "https://github.com/lsh123/xmlsec/issues/43", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2016-11-16T00:59:00Z", + "LastModifiedDate": "2018-08-15T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0663", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", + "Title": "libxml2: Heap buffer overflow in xmlAddID", + "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-06-14T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16932", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", + "Title": "libxml2: Infinite recursion in parameter entities", + "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=759579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", + "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3504-1", + "https://usn.ubuntu.com/usn/usn-3504-1/", + "https://usn.ubuntu.com/usn/usn-3504-2", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7375", + "PkgName": "libxml2", + "InstalledVersion": 
"2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", + "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", + "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", + "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2", + "https://www.debian.org/security/2017/dsa-3952" + ], + "PublishedDate": "2018-02-19T19:29:00Z", + "LastModifiedDate": "2018-03-18T14:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9047", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", + "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", + "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9049", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9050", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98568", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", + "https://github.com/sparklemotion/nokogiri/issues/1673", + "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-1/", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14404", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", + "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", + "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", + "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", + "https://github.com/sparklemotion/nokogiri/issues/1785", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", + "https://gitlab.gnome.org/GNOME/libxml2/issues/10", + "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2018-09-28T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19956", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
+ "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", + "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", + "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", + "https://security.netapp.com/advisory/ntap-20200114-0002/", + "https://usn.ubuntu.com/usn/usn-4274-1" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18258", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", + "Title": "libxml2: denial of service in xz_head function in xzlib.c", + "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.5 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", + "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", + "https://security.netapp.com/advisory/ntap-20190719-0001/", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-04-08T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5969", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", + "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", + "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/11/05/3", + "http://www.openwall.com/lists/oss-security/2017/02/13/1", + "http://www.securityfocus.com/bid/96188", + "https://bugzilla.gnome.org/show_bug.cgi?id=778519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", + "https://security.gentoo.org/glsa/201711-01" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8872", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", + "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", + "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://bugzilla.gnome.org/show_bug.cgi?id=775200", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" + ], + "PublishedDate": "2017-05-10T05:29:00Z", + 
"LastModifiedDate": "2017-05-15T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9048", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", + "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98556", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14567", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", + "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", + "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-08-16T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5131", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", + "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", + "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", + "http://rhn.redhat.com/errata/RHSA-2016-1485.html", + "http://www.debian.org/security/2016/dsa-3637", + "http://www.securityfocus.com/bid/92053", + "http://www.securitytracker.com/id/1036428", + "http://www.securitytracker.com/id/1038623", + "http://www.ubuntu.com/usn/USN-3041-1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", + "https://codereview.chromium.org/2127493002", + "https://crbug.com/623378", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "https://security.gentoo.org/glsa/201610-09", + "https://security.gentoo.org/glsa/201701-37", + "https://source.android.com/security/bulletin/2017-05-01", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3041-1", + "https://usn.ubuntu.com/usn/usn-3235-1" + 
], + "PublishedDate": "2016-07-23T19:59:00Z", + "LastModifiedDate": "2019-03-26T17:14:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15412", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", + "Title": "chromium-browser: use after free in libxml", + "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.securitytracker.com/id/1040348", + "https://access.redhat.com/errata/RHSA-2017:3401", + "https://access.redhat.com/errata/RHSA-2018:0287", + "https://bugzilla.gnome.org/show_bug.cgi?id=783160", + "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "https://crbug.com/727039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", + "https://security.gentoo.org/glsa/201801-03", + "https://usn.ubuntu.com/usn/usn-3513-1", + "https://usn.ubuntu.com/usn/usn-3513-1/", + "https://usn.ubuntu.com/usn/usn-3513-2", + "https://www.debian.org/security/2018/dsa-4086" + ], + "PublishedDate": "2018-08-28T19:29:00Z", + "LastModifiedDate": "2018-10-25T11:35:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8035", + 
"PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", + "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", + "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 2.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", + "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", + "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", + "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", + "http://rhn.redhat.com/errata/RHSA-2016-1089.html", + "http://www.debian.org/security/2015/dsa-3430", + "http://www.openwall.com/lists/oss-security/2015/11/02/2", + "http://www.openwall.com/lists/oss-security/2015/11/02/4", + "http://www.openwall.com/lists/oss-security/2015/11/03/1", + "http://www.securityfocus.com/bid/77390", + "http://www.securitytracker.com/id/1034243", + "http://www.ubuntu.com/usn/USN-2812-1", + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=757466", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT206166", + "https://support.apple.com/HT206167", + "https://support.apple.com/HT206168", + "https://support.apple.com/HT206169", + "https://usn.ubuntu.com/usn/usn-2812-1" + ], + "PublishedDate": "2015-11-18T16:59:00Z", + "LastModifiedDate": "2019-03-08T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4483", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", + "Title": "libxml2: out-of-bounds read", + "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2016-2957.html", + "http://www.debian.org/security/2016/dsa-3593", + "http://www.openwall.com/lists/oss-security/2016/05/03/8", + "http://www.openwall.com/lists/oss-security/2016/05/04/7", + "http://www.openwall.com/lists/oss-security/2016/06/07/4", + "http://www.openwall.com/lists/oss-security/2016/06/07/5", + "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "http://www.securityfocus.com/bid/90013", + "http://www.securitytracker.com/id/1036348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", + "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", + "https://security.gentoo.org/glsa/201701-37", + "https://usn.ubuntu.com/usn/usn-2994-1", + "https://www.tenable.com/security/tns-2016-18" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://github.com/sparklemotion/nokogiri/issues/1615", + "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170", + "https://usn.ubuntu.com/usn/usn-3235-1" + ], + "PublishedDate": "2016-09-25T10:59:00Z", + "LastModifiedDate": "2019-03-13T14:05:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9318", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", + "Title": "libxml2: XML External Entity vulnerability", + "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V2Score": 5.8, + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94347", + "https://bugzilla.gnome.org/show_bug.cgi?id=772726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", + "https://github.com/lsh123/xmlsec/issues/43", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2016-11-16T00:59:00Z", + "LastModifiedDate": "2018-08-15T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-0663", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", + "Title": "libxml2: Heap buffer overflow in xmlAddID", + "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-06-14T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2018-02-04T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16932", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", + "Title": "libxml2: Infinite recursion in parameter entities", + "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://xmlsoft.org/news.html", + "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=759579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", + "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", + "https://github.com/sparklemotion/nokogiri/issues/1714", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3504-1", + "https://usn.ubuntu.com/usn/usn-3504-1/", + "https://usn.ubuntu.com/usn/usn-3504-2", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2017-11-23T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7375", + "PkgName": "libxml2-python", + 
"InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", + "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", + "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98877", + "http://www.securitytracker.com/id/1038623", + "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", + "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "https://security.gentoo.org/glsa/201711-01", + "https://source.android.com/security/bulletin/2017-06-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2", + "https://www.debian.org/security/2017/dsa-3952" + ], + "PublishedDate": "2018-02-19T19:29:00Z", + "LastModifiedDate": "2018-03-18T14:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9047", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + 
"Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", + "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", + "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9049", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9050", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", + "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98568", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", + "https://github.com/sparklemotion/nokogiri/issues/1673", + "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-1/", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14404", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", + "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", + "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", + "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", + "https://github.com/sparklemotion/nokogiri/issues/1785", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", + "https://gitlab.gnome.org/GNOME/libxml2/issues/10", + "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/3739-2/", + "https://usn.ubuntu.com/usn/usn-3739-1", + "https://usn.ubuntu.com/usn/usn-3739-2" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2018-09-28T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19956", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", + "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", + "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", + "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", + "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", + "https://security.netapp.com/advisory/ntap-20200114-0002/", + "https://usn.ubuntu.com/usn/usn-4274-1" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18258", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", + "Title": "libxml2: denial of service in xz_head function in xzlib.c", + "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.5 + } + }, + 
"References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", + "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", + "https://security.netapp.com/advisory/ntap-20190719-0001/", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-04-08T17:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5969", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", + "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", + "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/11/05/3", + "http://www.openwall.com/lists/oss-security/2017/02/13/1", + "http://www.securityfocus.com/bid/96188", + "https://bugzilla.gnome.org/show_bug.cgi?id=778519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", + "https://security.gentoo.org/glsa/201711-01" + ], + "PublishedDate": "2017-04-11T16:59:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8872", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", + "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", + "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://bugzilla.gnome.org/show_bug.cgi?id=775200", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" + ], + "PublishedDate": "2017-05-10T05:29:00Z", 
+ "LastModifiedDate": "2017-05-15T18:37:00Z" + }, + { + "VulnerabilityID": "CVE-2017-9048", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", + "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", + "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3952", + "http://www.openwall.com/lists/oss-security/2017/05/15/1", + "http://www.securityfocus.com/bid/98556", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", + "https://security.gentoo.org/glsa/201711-01", + "https://usn.ubuntu.com/usn/usn-3424-1", + "https://usn.ubuntu.com/usn/usn-3424-2" + ], + "PublishedDate": "2017-05-18T06:29:00Z", + "LastModifiedDate": "2017-11-11T02:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-14567", + "PkgName": "libxml2-python", + "InstalledVersion": "2.9.1-6.el7_2.3", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", + "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", + "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", + "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", + "https://usn.ubuntu.com/3739-1/", + "https://usn.ubuntu.com/usn/usn-3739-1" + ], + "PublishedDate": "2018-08-16T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2014-5461", + "PkgName": "lua", + "InstalledVersion": "5.1.4-15.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", + "Title": "lua: overflow flaw in vararg functions", + "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 4.4 + } + }, + "References": [ + "http://advisories.mageia.org/MGASA-2014-0414.html", + "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", + "http://secunia.com/advisories/59890", + "http://secunia.com/advisories/60869", + "http://secunia.com/advisories/61411", + "http://www.debian.org/security/2014/dsa-3015", + "http://www.debian.org/security/2014/dsa-3016", + "http://www.lua.org/bugs.html#5.2.2-1", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", + "http://www.openwall.com/lists/oss-security/2014/08/21/1", + "http://www.openwall.com/lists/oss-security/2014/08/21/4", + "http://www.openwall.com/lists/oss-security/2014/08/27/2", + "http://www.securityfocus.com/bid/69342", + "http://www.ubuntu.com/usn/USN-2338-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", + "https://security.gentoo.org/glsa/201701-53", + "https://usn.ubuntu.com/usn/usn-2338-1" + ], + "PublishedDate": "2014-09-04T17:55:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "lz4", + "InstalledVersion": "1.7.5-3.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, 
+ { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + 
"nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-base", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" 
+ }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19211", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", + "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", + "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-23T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19217", + "PkgName": "ncurses-libs", + "InstalledVersion": "5.9-14.20130511.el7_4", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", + "Title": "ncurses: Null pointer dereference at function _nc_name_match", + "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" + ], + "PublishedDate": "2018-11-12T19:29:00Z", + "LastModifiedDate": "2019-04-18T16:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1951", + "PkgName": "nspr", + "InstalledVersion": "4.21.0-1.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", + "Title": "nspr: Memory allocation issue related to PR_*printf functions", + "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V2Score": 7.5, + "V3Score": 8.6 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/92385", + "http://www.securitytracker.com/id/1036590", + "http://www.ubuntu.com/usn/USN-3023-1", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", + 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", + "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", + "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", + "https://usn.ubuntu.com/usn/usn-3023-1", + "https://usn.ubuntu.com/usn/usn-3028-1" + ], + "PublishedDate": "2016-08-07T19:59:00Z", + "LastModifiedDate": "2016-11-28T20:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 
stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss", + "InstalledVersion": 
"3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + 
"https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + "Title": "nss: 
Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + 
"PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn", + "InstalledVersion": "3.44.0-5.el7", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn", + "InstalledVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter validation in 
ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn", + "InstalledVersion": "3.44.0-5.el7", + "Layer": { + 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn", + "InstalledVersion": "3.44.0-5.el7", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may 
trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn", + "InstalledVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic 
functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + "http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + "https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.44.0-5.el7", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2613", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", + "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", + "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", + "http://www.securityfocus.com/bid/75871", + "http://www.securitytracker.com/id/1032910", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", + "https://security.gentoo.org/glsa/201603-11", + "https://security.gentoo.org/glsa/201603-14", + "https://usn.ubuntu.com/usn/usn-2696-1" + ], + "PublishedDate": "2015-07-16T10:59:00Z", + "LastModifiedDate": "2018-01-05T02:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7781", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": 
"3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", + "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", + "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100383", + "http://www.securitytracker.com/id/1039124", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", + "https://usn.ubuntu.com/usn/usn-3391-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", + "https://www.mozilla.org/security/advisories/mfsa2017-18/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.44.0-5.el7", + "FixedVersion": "3.44.0-8.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or 
malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-1938", + "PkgName": "nss-softokn-freebl", + "InstalledVersion": "3.44.0-5.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", + "Title": "Mozilla NSS: Errors 
in mp_div and mp_exptmod cryptographic functions", + "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V2Score": 2.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", + "http://www.debian.org/security/2016/dsa-3688", + "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.securityfocus.com/bid/81955", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1034825", + "http://www.ubuntu.com/usn/USN-2880-1", + "http://www.ubuntu.com/usn/USN-2880-2", + "http://www.ubuntu.com/usn/USN-2903-1", + "http://www.ubuntu.com/usn/USN-2903-2", + "http://www.ubuntu.com/usn/USN-2973-1", + "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", + "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", + 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", + "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", + "https://security.gentoo.org/glsa/201605-06", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-2880-1", + "https://usn.ubuntu.com/usn/usn-2903-1", + "https://usn.ubuntu.com/usn/usn-2973-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" + ], + "PublishedDate": "2016-01-31T18:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-sysinit", + 
"InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + 
"https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": 
{ + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + 
"PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability 
in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2183", + "PkgName": "nss-tools", + "InstalledVersion": 
"3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", + "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", + "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", + "http://linux.oracle.com/cve/CVE-2016-2183.html", + "http://linux.oracle.com/errata/ELSA-2018-2123.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "http://www.securityfocus.com/bid/92630", + "http://www.securityfocus.com/bid/95568", + "http://www.securitytracker.com/id/1036696", + "http://www.splunk.com/view/SP-CAAAPSV", + "http://www.splunk.com/view/SP-CAAAPUE", + "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", + "https://access.redhat.com/errata/RHSA-2017:1216", + "https://access.redhat.com/errata/RHSA-2017:2708", + "https://access.redhat.com/errata/RHSA-2017:2709", + "https://access.redhat.com/errata/RHSA-2017:2710", + "https://access.redhat.com/errata/RHSA-2017:3113", + "https://access.redhat.com/errata/RHSA-2017:3114", + "https://access.redhat.com/errata/RHSA-2017:3239", + "https://access.redhat.com/errata/RHSA-2017:3240", + "https://access.redhat.com/errata/RHSA-2018:2123", + "https://access.redhat.com/errata/RHSA-2019:1245", + "https://access.redhat.com/errata/RHSA-2019:2859", + "https://access.redhat.com/security/cve/cve-2016-2183", + "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "https://bto.bluecoat.com/security-advisory/sa133", + "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "https://community.qualys.com/thread/16555", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", + "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", + 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", + "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", + "https://security-tracker.debian.org/tracker/CVE-2016-2183", + "https://security.gentoo.org/glsa/201612-16", + "https://security.gentoo.org/glsa/201701-65", + "https://security.gentoo.org/glsa/201707-01", + "https://security.netapp.com/advisory/ntap-20160915-0001/", + "https://security.netapp.com/advisory/ntap-20170119-0001/", + "https://sweet32.info/", + "https://twitter.com/symantec/status/768786631159603200", + "https://usn.ubuntu.com/usn/usn-3087-1", + 
"https://usn.ubuntu.com/usn/usn-3179-1", + "https://usn.ubuntu.com/usn/usn-3194-1", + "https://usn.ubuntu.com/usn/usn-3198-1", + "https://usn.ubuntu.com/usn/usn-3270-1", + "https://usn.ubuntu.com/usn/usn-3372-1", + "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "https://www.suse.com/security/cve/CVE-2016-2183.html", + "https://www.tenable.com/security/tns-2016-16", + "https://www.tenable.com/security/tns-2016-20", + "https://www.tenable.com/security/tns-2016-21", + "https://www.tenable.com/security/tns-2017-09", + "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + ], + "PublishedDate": "2016-09-01T00:59:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9074", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", + "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", + "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/94341", + "http://www.securitytracker.com/id/1037298", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", + "https://security.gentoo.org/glsa/201701-15", + "https://security.gentoo.org/glsa/201701-46", + "https://usn.ubuntu.com/usn/usn-3163-1", + "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "https://www.mozilla.org/security/advisories/mfsa2016-93/" + ], + "PublishedDate": "2018-06-11T21:29:00Z", + "LastModifiedDate": "2018-08-09T15:12:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9574", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", + "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", + "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-384" + ], + "CVSS": { + "nvd": { 
+ "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" + ], + "PublishedDate": "2018-07-19T13:29:00Z", + "LastModifiedDate": "2019-10-09T23:20:00Z" + }, + { + "VulnerabilityID": "CVE-2018-18508", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", + "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", + "Description": "No description is available for this CVE.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-18508.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", + "https://usn.ubuntu.com/usn/usn-3898-1", + "https://usn.ubuntu.com/usn/usn-3898-2" + ] + }, + { + "VulnerabilityID": "CVE-2019-11719", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", + 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", + "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11719.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "FixedVersion": "3.44.0-7.el7_7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11756", + 
"PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", + "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", + "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", + "https://www.mozilla.org/security/advisories/mfsa2019-36/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17006", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", + "Title": "nss: Check length of inputs for cryptographic primitives", + "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", + "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", + "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", + "https://usn.ubuntu.com/usn/usn-4231-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-11727", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", + "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", + "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11727.html", + "http://linux.oracle.com/errata/ELSA-2019-1951.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", + "https://www.mozilla.org/security/advisories/mfsa2019-21/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17023", + "PkgName": "nss-tools", + "InstalledVersion": "3.44.0-4.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", + "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", + "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", + "https://usn.ubuntu.com/4234-1/", + "https://usn.ubuntu.com/usn/usn-4234-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", + "https://www.mozilla.org/security/advisories/mfsa2020-01/" + ], + "PublishedDate": "2020-01-08T22:15:00Z", + "LastModifiedDate": "2020-01-13T19:43:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11745", + "PkgName": "nss-util", + "InstalledVersion": "3.44.0-3.el7", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", + "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", + "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11745.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", + "https://usn.ubuntu.com/4241-1/", + "https://usn.ubuntu.com/usn/usn-4203-1", + "https://usn.ubuntu.com/usn/usn-4203-2", + "https://usn.ubuntu.com/usn/usn-4216-1", + "https://usn.ubuntu.com/usn/usn-4216-2", + "https://usn.ubuntu.com/usn/usn-4241-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", + "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "https://www.mozilla.org/security/advisories/mfsa2019-38/" + ], + "PublishedDate": "2020-01-08T20:15:00Z", + "LastModifiedDate": "2020-01-16T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11729", + "PkgName": "nss-util", + "InstalledVersion": "3.44.0-3.el7", + "FixedVersion": "3.44.0-4.el7_7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", + "Title": "nss: Empty 
or malformed p256-ECDH public keys may trigger a segmentation fault", + "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-11729.html", + "http://linux.oracle.com/errata/ELSA-2019-4190.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", + "https://access.redhat.com/errata/RHSA-2019:1951", + "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", + "https://usn.ubuntu.com/usn/usn-4054-1", + "https://usn.ubuntu.com/usn/usn-4060-1", + "https://usn.ubuntu.com/usn/usn-4060-2", + "https://usn.ubuntu.com/usn/usn-4064-1", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", + "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", + "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "https://www.mozilla.org/security/advisories/mfsa2019-23/" + ], + "PublishedDate": "2019-07-23T14:15:00Z", + "LastModifiedDate": "2019-07-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-1546", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", + "Title": "openldap: slapd crash in valueReturnFilter cleanup", + "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", + "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", + "http://secunia.com/advisories/62787", + "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", + "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", + "http://www.openldap.org/its/?findid=8046", + "http://www.openwall.com/lists/oss-security/2015/02/07/3", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", + "https://support.apple.com/HT204659" + ], + "PublishedDate": "2015-02-12T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13057", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", + "Title": "openldap: Information disclosure issue in slapd component", + "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. 
When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 3.5, + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", + "https://openldap.org/its/?findid=9038", + "https://security.netapp.com/advisory/ntap-20190822-0004/", + "https://usn.ubuntu.com/4078-1/", + "https://usn.ubuntu.com/4078-2/", + "https://usn.ubuntu.com/usn/usn-4078-1", + "https://usn.ubuntu.com/usn/usn-4078-2", + "https://www.openldap.org/its/?findid=9038", + "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" + ], + "PublishedDate": "2019-07-26T13:15:00Z", + "LastModifiedDate": "2019-08-19T01:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13565", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", + "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", + "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. 
When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", + "https://openldap.org/its/?findid=9052", + "https://usn.ubuntu.com/4078-1/", + "https://usn.ubuntu.com/4078-2/", + "https://usn.ubuntu.com/usn/usn-4078-1", + "https://usn.ubuntu.com/usn/usn-4078-2", + "https://www.openldap.org/its/index.cgi/?findid=9052", + "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" + ], + "PublishedDate": "2019-07-26T13:15:00Z", + "LastModifiedDate": "2019-09-24T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4984", + "PkgName": "openldap", + "InstalledVersion": "2.4.44-21.el7_6", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", + "Title": "openldap-servers: 
/usr/libexec/openldap/generate-server-cert.sh create world readable password file", + "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 2.7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" + ], + "PublishedDate": "2017-07-17T13:18:00Z", + "LastModifiedDate": "2019-04-22T17:48:00Z" + }, + { + "VulnerabilityID": "CVE-2015-2808", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", + "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", + "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + 
"V2Score": 4.3 + } + }, + "References": [ + "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", + "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", + "http://linux.oracle.com/cve/CVE-2015-2808.html", + "http://linux.oracle.com/errata/ELSA-2015-1526.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", + "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", + "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", + 
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2015-1006.html", + "http://rhn.redhat.com/errata/RHSA-2015-1007.html", + "http://rhn.redhat.com/errata/RHSA-2015-1020.html", + "http://rhn.redhat.com/errata/RHSA-2015-1021.html", + "http://rhn.redhat.com/errata/RHSA-2015-1091.html", + "http://rhn.redhat.com/errata/RHSA-2015-1228.html", + "http://rhn.redhat.com/errata/RHSA-2015-1229.html", + "http://rhn.redhat.com/errata/RHSA-2015-1230.html", + "http://rhn.redhat.com/errata/RHSA-2015-1241.html", + "http://rhn.redhat.com/errata/RHSA-2015-1242.html", + "http://rhn.redhat.com/errata/RHSA-2015-1243.html", + "http://rhn.redhat.com/errata/RHSA-2015-1526.html", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", + "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", + "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", + "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "http://www.debian.org/security/2015/dsa-3316", + "http://www.debian.org/security/2015/dsa-3339", + "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", + "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.securityfocus.com/bid/73684", + "http://www.securityfocus.com/bid/91787", + "http://www.securitytracker.com/id/1032599", + "http://www.securitytracker.com/id/1032600", + "http://www.securitytracker.com/id/1032707", + "http://www.securitytracker.com/id/1032708", + "http://www.securitytracker.com/id/1032734", + "http://www.securitytracker.com/id/1032788", + "http://www.securitytracker.com/id/1032858", + "http://www.securitytracker.com/id/1032868", + "http://www.securitytracker.com/id/1032910", + "http://www.securitytracker.com/id/1032990", + "http://www.securitytracker.com/id/1033071", + "http://www.securitytracker.com/id/1033072", + "http://www.securitytracker.com/id/1033386", + "http://www.securitytracker.com/id/1033415", + "http://www.securitytracker.com/id/1033431", + "http://www.securitytracker.com/id/1033432", + "http://www.securitytracker.com/id/1033737", + "http://www.securitytracker.com/id/1033769", + "http://www.securitytracker.com/id/1036222", + "http://www.ubuntu.com/usn/USN-2696-1", + "http://www.ubuntu.com/usn/USN-2706-1", + "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", + "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", + "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "https://kb.juniper.net/JSA10783", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", + "https://security.gentoo.org/glsa/201512-10", + "https://usn.ubuntu.com/usn/usn-2696-1", + "https://usn.ubuntu.com/usn/usn-2706-1", + "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", + "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" + ], + "PublishedDate": "2015-04-01T02:00:00Z", + "LastModifiedDate": "2018-01-18T18:18:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1547", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", + "Title": "openssl: side-channel weak encryption vulnerability", + "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://arxiv.org/abs/1909.01785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-0735", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", + "Title": 
"openssl: timing side channel attack in the ECDSA signature generation", + "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "Severity": "LOW", + "CweIDs": [ + "CWE-320" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.1 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-0735.html", + "http://linux.oracle.com/errata/ELSA-2019-3700.html", + "http://www.securityfocus.com/bid/105750", + "http://www.securitytracker.com/id/1041986", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", + "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "https://security.netapp.com/advisory/ntap-20181105-0002/", + "https://usn.ubuntu.com/3840-1/", + "https://usn.ubuntu.com/usn/usn-3840-1", + "https://www.debian.org/security/2018/dsa-4348", + "https://www.openssl.org/news/secadv/20181029.txt", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + ], + "PublishedDate": "2018-10-29T13:29:00Z", + "LastModifiedDate": "2019-07-23T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1551", + "PkgName": 
"openssl-libs", + "InstalledVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", + "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", + "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", + "https://github.com/openssl/openssl/pull/10575", + "https://seclists.org/bugtraq/2019/Dec/39", + "https://seclists.org/bugtraq/2019/Dec/46", + "https://security.netapp.com/advisory/ntap-20191210-0001/", + "https://www.debian.org/security/2019/dsa-4594", + "https://www.openssl.org/news/secadv/20191206.txt", + 
"https://www.tenable.com/security/tns-2019-09" + ], + "PublishedDate": "2019-12-06T18:15:00Z", + "LastModifiedDate": "2019-12-25T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-1563", + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", + "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", + "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", + "Severity": "LOW", + "CweIDs": [ + "CWE-311" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "https://seclists.org/bugtraq/2019/Sep/25", + "https://security.netapp.com/advisory/ntap-20190919-0002/", + "https://www.openssl.org/news/secadv/20190910.txt" + ], + "PublishedDate": "2019-09-10T17:15:00Z", + "LastModifiedDate": "2019-09-12T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8380", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", + "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", + "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + 
"V2Score": 5 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/77695", + "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.exim.org/show_bug.cgi?id=1637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8387", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", + "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8390", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", + "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + 
"VulnerabilityID": "CVE-2015-8393", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", + "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", + "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8394", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", + "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) 
conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/82990", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", + "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "https://security.gentoo.org/glsa/201607-02", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6004", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", + "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", + "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96295", + "http://www.securitytracker.com/id/1037850", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://bugs.exim.org/show_bug.cgi?id=2035", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", + "https://security.gentoo.org/glsa/201706-11", + "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" + ], + "PublishedDate": "2017-02-16T11:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7186", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", + "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", + "Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97030", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", + "https://bugs.exim.org/show_bug.cgi?id=2052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", + 
"https://security.gentoo.org/glsa/201710-09", + "https://security.gentoo.org/glsa/201710-25", + "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" + ], + "PublishedDate": "2017-03-20T00:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8382", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", + "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", + "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V2Score": 6.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", + "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", + 
"http://www.openwall.com/lists/oss-security/2015/08/04/2", + "http://www.openwall.com/lists/oss-security/2015/08/04/3", + "http://www.openwall.com/lists/oss-security/2015/11/29/1", + "http://www.securityfocus.com/bid/76157", + "https://bto.bluecoat.com/security-advisory/sa128", + "https://bugs.exim.org/show_bug.cgi?id=1537", + "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", + "https://usn.ubuntu.com/usn/usn-2943-1" + ], + "PublishedDate": "2015-12-02T01:59:00Z", + "LastModifiedDate": "2016-12-28T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "pcre", + "InstalledVersion": "8.32-17.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1121", + "PkgName": 
"procps-ng", + "InstalledVersion": "3.3.10-26.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", + "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", + "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", + "https://security.gentoo.org/glsa/201805-14", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-06-13T20:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1123", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-26.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", 
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", + "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", + "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://security.gentoo.org/glsa/201805-14", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1125", + "PkgName": "procps-ng", + "InstalledVersion": "3.3.10-26.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", + "Title": "procps-ng, procps: stack buffer overflow in pgrep", + "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow 
in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", + "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", + "https://usn.ubuntu.com/3658-1/", + "https://usn.ubuntu.com/3658-3/", + "https://usn.ubuntu.com/usn/usn-3658-1", + "https://usn.ubuntu.com/usn/usn-3658-3", + "https://www.debian.org/security/2018/dsa-4208", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": "2018-05-23T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:38:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", 
+ "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + "https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + 
"Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + }, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", + "https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1664", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", + "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + 
}, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/nova/+bug/1100282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1731-1", + "https://usn.ubuntu.com/usn/usn-1734-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-1665", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", + "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", + "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + } + 
}, + "References": [ + "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "http://bugs.python.org/issue17239", + "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", + "http://rhn.redhat.com/errata/RHSA-2013-0657.html", + "http://rhn.redhat.com/errata/RHSA-2013-0658.html", + "http://rhn.redhat.com/errata/RHSA-2013-0670.html", + "http://ubuntu.com/usn/usn-1757-1", + "http://www.debian.org/security/2013/dsa-2634", + "http://www.openwall.com/lists/oss-security/2013/02/19/2", + "http://www.openwall.com/lists/oss-security/2013/02/19/4", + "https://bugs.launchpad.net/keystone/+bug/1100279", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", + "https://usn.ubuntu.com/usn/usn-1730-1", + "https://usn.ubuntu.com/usn/usn-1757-1", + "https://www.djangoproject.com/weblog/2013/feb/19/security/" + ], + "PublishedDate": "2013-04-03T00:55:00Z", + "LastModifiedDate": "2013-05-15T03:35:00Z" + }, + { + "VulnerabilityID": "CVE-2013-7040", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", + "Title": "python: hash secret can be recovered remotely", + "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://bugs.python.org/issue14621", + "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", + "http://www.openwall.com/lists/oss-security/2013/12/09/13", + "http://www.openwall.com/lists/oss-security/2013/12/09/3", + "http://www.securityfocus.com/bid/64194", + "https://support.apple.com/kb/HT205031" + ], + "PublishedDate": "2014-05-19T14:55:00Z", + "LastModifiedDate": "2019-10-25T11:53:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000158", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", + "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", + "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", + "http://www.securitytracker.com/id/1039890", + "https://bugs.python.org/issue30657", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", + 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://security.gentoo.org/glsa/201805-02", + "https://usn.ubuntu.com/usn/usn-3496-1", + "https://usn.ubuntu.com/usn/usn-3496-2", + "https://usn.ubuntu.com/usn/usn-3496-3", + "https://www.debian.org/security/2018/dsa-4307" + ], + "PublishedDate": "2017-11-17T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20852", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", + "Title": "python: Cookie domain check returns incorrect results", + "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-20852.html", + "http://linux.oracle.com/errata/ELSA-2019-4884.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", + "https://bugs.python.org/issue35121", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", + "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", + "https://usn.ubuntu.com/usn/usn-4127-1", + "https://usn.ubuntu.com/usn/usn-4127-2" + ], + "PublishedDate": "2019-07-13T21:15:00Z", + "LastModifiedDate": "2019-08-17T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16056", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", + "Title": "python: email.utils.parseaddr wrongly parses email addresses", + "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugs.python.org/issue34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", + "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-06T18:15:00Z", + "LastModifiedDate": "2019-09-11T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-16935", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", + "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", + "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://bugs.python.org/issue38243", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", + "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", + "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", + "https://github.com/python/cpython/pull/16373", + "https://security.netapp.com/advisory/ntap-20191017-0004/", + "https://usn.ubuntu.com/4151-1/", + "https://usn.ubuntu.com/4151-2/", + "https://usn.ubuntu.com/usn/usn-4151-1", + "https://usn.ubuntu.com/usn/usn-4151-2" + ], + "PublishedDate": "2019-09-28T02:15:00Z", + "LastModifiedDate": "2019-10-09T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18348", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", + "Title": "python: CRLF injection via the host part of the url passed to urlopen()", + "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://bugs.python.org/issue30458#msg347282", + "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", + "https://security.netapp.com/advisory/ntap-20191107-0004/" + ], + "PublishedDate": "2019-10-23T17:15:00Z", + "LastModifiedDate": "2019-11-07T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000030", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", + "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", + "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "https://bugs.python.org/issue31530", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", + "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "https://security.gentoo.org/glsa/201811-02", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://usn.ubuntu.com/usn/usn-3817-1", + "https://usn.ubuntu.com/usn/usn-3817-2", + "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + ], + "PublishedDate": "2018-02-08T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:32:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9674", + "PkgName": "python-libs", + "InstalledVersion": "2.7.5-86.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", + "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", + "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://bugs.python.org/issue36260", + "https://bugs.python.org/issue36462", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", + "https://github.com/python/cpython/blob/master/Lib/zipfile.py", + "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", + "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", + "https://security.netapp.com/advisory/ntap-20200221-0003/", + "https://www.python.org/news/security/" + ], + "PublishedDate": "2020-02-04T15:15:00Z", + "LastModifiedDate": "2020-02-24T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-7091", + "PkgName": "readline", + "InstalledVersion": "6.2-11.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", + "Title": "sudo: Possible info leak via INPUTRC", + "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.9, + "V3Score": 4.4 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V2Score": 3.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-7091.html", + "http://linux.oracle.com/errata/ELSA-2016-2593.html", + "http://www.securityfocus.com/bid/92615", + "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", + "https://rhn.redhat.com/errata/RHSA-2016-2593.html" + ], + "PublishedDate": "2016-12-22T21:59:00Z", + "LastModifiedDate": "2016-12-23T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-build-libs", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-build-libs", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-libs", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-libs", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7500", + "PkgName": "rpm-python", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", + "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", + "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", + "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + ], + "PublishedDate": "2018-08-13T17:29:00Z", + "LastModifiedDate": "2019-10-09T23:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7501", + "PkgName": "rpm-python", + "InstalledVersion": "4.11.3-40.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", + "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", + "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", + "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", + "https://security.gentoo.org/glsa/201811-22" + ], + "PublishedDate": "2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-11-29T11:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13734", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "FixedVersion": "3.7.17-8.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-13734.html", + "http://linux.oracle.com/errata/ELSA-2020-0273.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025466", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5827", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", + "Title": "chromium-browser: out-of-bounds access in SQLite", + "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", + "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", + "https://crbug.com/952406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-06-27T17:15:00Z", + "LastModifiedDate": "2019-07-25T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2015-7036", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", + "Title": "sqlite: arbitrary code execution on databases with malformed schema", + "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://support.apple.com/kb/HT204941", + "http://support.apple.com/kb/HT204942", + "http://zerodayinitiative.com/advisories/ZDI-15-570/", + "https://security.gentoo.org/glsa/201612-21" + ], + "PublishedDate": "2015-11-22T03:59:00Z", + "LastModifiedDate": "2017-07-01T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7000", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", + "Title": "chromium-browser: pointer disclosure in sqlite", + "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98767", + "http://www.securityfocus.com/bid/99950", + "https://access.redhat.com/errata/RHSA-2017:1833", + "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", + "https://security.gentoo.org/glsa/201709-15", + "https://support.apple.com/HT207797", + "https://support.apple.com/HT207798", + "https://www.debian.org/security/2017/dsa-3926", + "https://www.sqlite.org/bindptr.html" + ], + "PublishedDate": "2018-04-03T06:29:00Z", + "LastModifiedDate": "2018-04-27T18:00:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13751", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", + "Title": "sqlite: fts3: improve detection of corrupted records", + "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025465", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13752", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", + "Title": "sqlite: fts3: improve shadow table corruption detection", + "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025470", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13753", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", + "Title": "sqlite: fts3: incorrectly removed corruption check", + "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", + "https://access.redhat.com/errata/RHSA-2019:4238", + "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "https://crbug.com/1025471", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" + ], + "PublishedDate": "2019-12-10T22:15:00Z", + "LastModifiedDate": "2019-12-16T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19603", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", + 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", + "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", + "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", + "https://security.netapp.com/advisory/ntap-20191223-0001/", + "https://www.sqlite.org/" + ], + "PublishedDate": "2019-12-09T19:15:00Z", + "LastModifiedDate": "2020-02-03T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19645", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", + "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", + "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", + "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", + "https://security.netapp.com/advisory/ntap-20191223-0001/" + ], + "PublishedDate": "2019-12-09T16:15:00Z", + "LastModifiedDate": "2019-12-23T05:15:00Z" + }, + { + 
"VulnerabilityID": "CVE-2019-19880", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", + "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", + "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", + "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", + "https://security.netapp.com/advisory/ntap-20200114-0001/" + ], + "PublishedDate": "2019-12-18T06:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19924", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", + "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", + "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", + "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", + "https://security.netapp.com/advisory/ntap-20200114-0003/" + ], + "PublishedDate": "2019-12-24T16:15:00Z", + "LastModifiedDate": "2020-01-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20218", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", + "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", + "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-755" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", + "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" + ], + "PublishedDate": "2020-01-02T14:16:00Z", + "LastModifiedDate": "2020-01-16T20:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-8457", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", + 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", + "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", + "https://security.netapp.com/advisory/ntap-20190606-0002/", + "https://usn.ubuntu.com/4004-1/", + "https://usn.ubuntu.com/4004-2/", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4004-1", + "https://usn.ubuntu.com/usn/usn-4004-2", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://www.sqlite.org/releaselog/3_28_0.html", + "https://www.sqlite.org/src/info/90acdbfce9c08858" + ], + "PublishedDate": "2019-05-30T16:29:00Z", + "LastModifiedDate": "2020-01-15T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6153", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", + "Title": "sqlite: Tempdir selection vulnerability", + 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "V2Score": 1.2, + "V3Score": 2.2 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/07/01/1", + "http://www.openwall.com/lists/oss-security/2016/07/01/2", + "http://www.securityfocus.com/bid/91546", + "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2", + "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", + "https://www.sqlite.org/releaselog/3_13_0.html", + "https://www.tenable.com/security/tns-2016-20" + ], + "PublishedDate": "2016-09-26T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10989", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", + "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", + "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 3.6 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", + "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.securityfocus.com/bid/99502", + "http://www.securitytracker.com/id/1039427", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://sqlite.org/src/info/66de6f4a", + "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/4019-1/", + "https://usn.ubuntu.com/4019-2/", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-07-07T12:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13685", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", + 
"Title": "sqlite: Local DoS via dump_callback function", + "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", + "http://www.securityfocus.com/bid/100521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", + "https://usn.ubuntu.com/usn/usn-4019-1", + "https://usn.ubuntu.com/usn/usn-4019-2" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2017-08-31T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-15286", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", + "Title": "sqlite: NULL pointer dereference in tableColumnList", + "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/101285", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", + "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" + ], + "PublishedDate": "2017-10-12T08:29:00Z", + "LastModifiedDate": "2017-10-27T14:18:00Z" + }, + { + "VulnerabilityID": "CVE-2018-8740", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", + "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", + "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", + "http://www.securityfocus.com/bid/103466", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", + "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", + "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", + "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", + "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" + ], + "PublishedDate": "2018-03-17T00:29:00Z", + "LastModifiedDate": "2019-05-22T03:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-19244", + "PkgName": "sqlite", + "InstalledVersion": "3.7.17-8.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", + "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", + "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", + "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", + "https://usn.ubuntu.com/4205-1/", + "https://usn.ubuntu.com/usn/usn-4205-1" + ], + "PublishedDate": "2019-11-25T20:15:00Z", + "LastModifiedDate": "2019-12-04T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", 
+ "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3842", + "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", + "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", + "Description": "In systemd before v242-rc4, 
it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", + "https://usn.ubuntu.com/usn/usn-3938-1", + "https://www.exploit-db.com/exploits/46743/" + ], + "PublishedDate": "2019-04-09T21:29:00Z", + "LastModifiedDate": "2019-05-28T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6349", + "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", + "Title": "oci-register-machine: information exposure for docker containers", + "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/26/9", + "http://www.openwall.com/lists/oss-security/2016/10/13/7", + "http://www.securityfocus.com/bid/92143", + "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", + "https://github.com/projectatomic/oci-register-machine/pull/22" + ], + "PublishedDate": "2017-03-29T20:59:00Z", + "LastModifiedDate": "2017-04-06T13:33:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgName": "systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "PublishedDate": "2013-10-28T22:55:00Z", + "LastModifiedDate": "2013-12-08T06:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18078", + "PkgName": 
"systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", + "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", + "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", + "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2018/01/29/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", + "https://github.com/systemd/systemd/issues/7736", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://www.exploit-db.com/exploits/43935/", + "https://www.openwall.com/lists/oss-security/2018/01/29/4" + ], + "PublishedDate": "2018-01-29T05:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6954", + "PkgName": "systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", + "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", + "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", + "https://github.com/systemd/systemd/issues/7986", + "https://usn.ubuntu.com/3816-1/", + "https://usn.ubuntu.com/3816-2/", + "https://usn.ubuntu.com/usn/usn-3816-1", + "https://usn.ubuntu.com/usn/usn-3816-2" + ], + "PublishedDate": "2018-02-13T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3842", + "PkgName": "systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", + "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", + "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", + "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", + "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", + "https://usn.ubuntu.com/usn/usn-3938-1", + "https://www.exploit-db.com/exploits/46743/" + ], + "PublishedDate": "2019-04-09T21:29:00Z", + "LastModifiedDate": "2019-05-28T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6349", + "PkgName": "systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", + "Title": "oci-register-machine: information exposure for docker containers", + "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/07/26/9", + "http://www.openwall.com/lists/oss-security/2016/10/13/7", + "http://www.securityfocus.com/bid/92143", + "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", + "https://github.com/projectatomic/oci-register-machine/pull/22" + ], + "PublishedDate": "2017-03-29T20:59:00Z", + "LastModifiedDate": "2017-04-06T13:33:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd-libs", + "InstalledVersion": "219-67.el7_7.1", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-6321", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", + "Title": "tar: Bypassing the extract path name", + "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 5.1 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", + "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", + 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", + "http://seclists.org/fulldisclosure/2016/Oct/102", + "http://seclists.org/fulldisclosure/2016/Oct/96", + "http://www.debian.org/security/2016/dsa-3702", + "http://www.securityfocus.com/bid/93937", + "http://www.ubuntu.com/usn/USN-3132-1", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", + "https://security.gentoo.org/glsa/201611-19", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", + "https://usn.ubuntu.com/usn/usn-3132-1" + ], + "PublishedDate": "2016-12-09T22:59:00Z", + "LastModifiedDate": "2017-07-01T01:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9923", + "PkgName": "tar", + "InstalledVersion": "2:1.26-35.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", + "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", + "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://savannah.gnu.org/bugs/?55369", + "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" + ], + "PublishedDate": "2019-03-22T08:29:00Z", + "LastModifiedDate": "2019-04-24T19:02:00Z" + }, + { + "VulnerabilityID": "CVE-2014-9114", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", + "Title": "util-linux: command injection flaw in blkid", + "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-77" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V2Score": 6.2 + } + }, + "References": [ + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", + "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", + "http://www.openwall.com/lists/oss-security/2014/11/26/21", + "http://www.securityfocus.com/bid/71327", + "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", + "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", + "https://security.gentoo.org/glsa/201612-14" + ], + "PublishedDate": "2017-03-31T16:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": 
"MEDIUM", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5218", + "PkgName": "util-linux", + "InstalledVersion": "2.23.2-61.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", + "Title": "colcrt: global-buffer-overflow", + "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V2Score": 3.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", + "http://www.spinics.net/lists/util-linux-ng/msg11873.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", + "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", + 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", + "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" + ], + "PublishedDate": "2015-11-09T16:59:00Z", + "LastModifiedDate": "2018-10-30T16:27:00Z" + }, + { + "VulnerabilityID": "CVE-2017-1000382", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-6.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", + "Title": "vim: Ignores umask when creating a swap file", + "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://security.cucumberlinux.com/security/details.php?id=120", + "http://www.openwall.com/lists/oss-security/2017/10/31/1" + ], + "PublishedDate": "2017-10-31T20:29:00Z", + "LastModifiedDate": "2017-11-27T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11109", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-6.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", + "Title": "vim: Use-after-free via crafted file", + "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) 
file. NOTE: there might be a limited number of scenarios in which this has security relevance.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", + "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", + "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-17087", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-6.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", + "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", + "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/11/27/2", + "http://security.cucumberlinux.com/security/details.php?id=166", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", + "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", + "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", + "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" + ], + "PublishedDate": "2017-12-01T08:29:00Z", + "LastModifiedDate": "2019-08-03T13:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-5953", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-6.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", + "Title": "vim: Tree length values not validated properly when handling a spell file", + "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.debian.org/security/2017/dsa-3786", + "http://www.securityfocus.com/bid/96217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", + "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", + "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", + "https://security.gentoo.org/glsa/201706-26", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/usn/usn-4016-1" + ], + 
"PublishedDate": "2017-02-10T07:59:00Z", + "LastModifiedDate": "2019-06-11T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6350", + "PkgName": "vim-minimal", + "InstalledVersion": "2:7.4.629-6.el7", + "Layer": { + "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", + "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", + "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96448", + "http://www.securitytracker.com/id/1037949", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", + "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", + "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", + "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", + "https://security.gentoo.org/glsa/201706-26" + ], + "PublishedDate": "2017-02-27T07:59:00Z", + "LastModifiedDate": "2018-08-13T21:47:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/ubuntu-1604.json.golden b/integration/testdata/ubuntu-1604.json.golden index fe34bdfe78..ddb8831273 100644 --- a/integration/testdata/ubuntu-1604.json.golden +++ b/integration/testdata/ubuntu-1604.json.golden 
@@ -1,6925 +1,6992 @@ -[ - { - "Target": "testdata/fixtures/images/ubuntu-1604.tar.gz (ubuntu 16.04)", - "Class": "os-pkgs", - "Type": "ubuntu", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.3-14ubuntu1.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/ubuntu-1604.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "16.04" + }, + "ImageID": "sha256:5e13f8dd4c1a20dbe677261cc73171093d502f8edd1da8bec47416cdc20323c6", + "DiffIDs": [ + "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031", + "sha256:2558e637fbff95178cb4b43e0ca5f20a04ddeaf9673053bfa4dc10c72833d15a", + "sha256:aeda103e78c90b573700d64f6660efda378b59fe3e636ebfa28a0a105e2e2168", + "sha256:e79142719515e5304607fdd9adeb31db96b7acf00cabadac2678b056ed83bca6" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "dd31e0e0382f230149544dd4c1a4a02e50824aa0c02ce981087b3f08794cb3a2", + "created": "2019-07-23T15:22:34.054269174Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-07-23T15:22:31.648568069Z", + "created_by": "/bin/sh -c #(nop) ADD file:603693e48cdc7f0c5c62119923aadbb266e5df5a5002fc0f61295858f91690e8 in / " }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. 
An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } + { + "created": "2019-07-23T15:22:32.444207677Z", + "created_by": "/bin/sh -c rm -rf /var/lib/apt/lists/*" }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "bsdutils", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + { + "created": "2019-07-23T15:22:33.179492618Z", + "created_by": "/bin/sh -c set -xe \t\t\u0026\u0026 echo '#!/bin/sh' \u003e /usr/sbin/policy-rc.d \t\u0026\u0026 echo 'exit 101' \u003e\u003e /usr/sbin/policy-rc.d \t\u0026\u0026 chmod +x /usr/sbin/policy-rc.d \t\t\u0026\u0026 dpkg-divert --local --rename --add /sbin/initctl \t\u0026\u0026 cp -a /usr/sbin/policy-rc.d /sbin/initctl \t\u0026\u0026 sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t\u0026\u0026 echo 'force-unsafe-io' \u003e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t\u0026\u0026 echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'APT::Update::Post-Invoke { 
\"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\t\u0026\u0026 echo 'Acquire::Languages \"none\";' \u003e /etc/apt/apt.conf.d/docker-no-languages \t\t\u0026\u0026 echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' \u003e /etc/apt/apt.conf.d/docker-gzip-indexes \t\t\u0026\u0026 echo 'Apt::AutoRemove::SuggestsImportant \"false\";' \u003e /etc/apt/apt.conf.d/docker-autoremove-suggests" }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } + { + "created": "2019-07-23T15:22:33.883423097Z", + "created_by": "/bin/sh -c mkdir -p /run/systemd \u0026\u0026 echo 'docker' \u003e /run/systemd/container" }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-5011", - "PkgName": "bsdutils", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.25-2ubuntu3~16.04", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8283", - "PkgName": "dpkg", - "InstalledVersion": "1.18.4ubuntu1.5", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8283", - "Description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2017/04/20/2", - "http://www.securityfocus.com/bid/98064", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283" - ], - "PublishedDate": "2017-04-26T05:59:00Z", - "LastModifiedDate": "2017-05-10T17:46:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fslibs", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fslibs", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.2", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of 
E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg", - "InstalledVersion": "1.4.20-1ubuntu3.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14855", - "PkgName": "gnupg", - "InstalledVersion": "1.4.20-1ubuntu3.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", - "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", - "Severity": "LOW", - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "https://eprint.iacr.org/2020/014.pdf" + { + "created": "2019-07-23T15:22:34.054269174Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031", + "sha256:2558e637fbff95178cb4b43e0ca5f20a04ddeaf9673053bfa4dc10c72833d15a", + "sha256:aeda103e78c90b573700d64f6660efda378b59fe3e636ebfa28a0a105e2e2168", + "sha256:e79142719515e5304607fdd9adeb31db96b7acf00cabadac2678b056ed83bca6" ] }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gpgv", - 
"InstalledVersion": "1.4.20-1ubuntu3.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-297" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14855", - "PkgName": "gpgv", - "InstalledVersion": "1.4.20-1ubuntu3.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", - "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", 
- "Severity": "LOW", - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "https://eprint.iacr.org/2020/014.pdf" - ] - }, - { - "VulnerabilityID": "CVE-2016-1585", - "PkgName": "libapparmor1", - "InstalledVersion": "2.10.95-0ubuntu2.11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1585", - "Description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - } - }, - "References": [ - "https://bugs.launchpad.net/apparmor/+bug/1597017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1585" - ], - "PublishedDate": "2019-04-22T16:29:00Z", - "LastModifiedDate": "2019-10-09T23:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - 
"http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libblkid1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18269", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", - "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", - "Description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", - "https://github.com/fingolfin/memmove-bug", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-01T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - 
"PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11237", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", - "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", - "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11237.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104256", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "https://www.exploit-db.com/exploits/44750/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:44:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the 
implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an 
incorrect result by attempting a regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - 
"V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - "https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - 
"http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - 
"Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12133", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", - "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", - "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", - "https://www.securityfocus.com/bid/100679" - ], - "PublishedDate": "2017-09-07T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", 
- "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - 
"References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc-bin", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18269", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", - "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", - "Description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. 
This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", - "https://github.com/fingolfin/memmove-bug", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-01T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11237", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", - "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", - "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11237.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104256", - 
"https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "https://www.exploit-db.com/exploits/44750/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:44:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - 
"https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - "https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - 
"LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", 
- "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12133", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - 
"SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", - "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", - "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", - "https://www.securityfocus.com/bid/100679" - ], - "PublishedDate": "2017-09-07T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - 
"LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - 
"Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcomerr2", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcomerr2", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4484", - "PkgName": "libcryptsetup4", - "InstalledVersion": "2:1.6.6-5ubuntu2.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", - "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", - "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - } - }, - "References": [ - 
"http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", - "http://www.openwall.com/lists/oss-security/2016/11/14/13", - "http://www.openwall.com/lists/oss-security/2016/11/15/1", - "http://www.openwall.com/lists/oss-security/2016/11/15/4", - "http://www.openwall.com/lists/oss-security/2016/11/16/6", - "http://www.securityfocus.com/bid/94315", - "https://access.redhat.com/articles/2786581", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", - "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" - ], - "PublishedDate": "2017-01-23T21:59:00Z", - "LastModifiedDate": "2017-01-26T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libfdisk1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", 
- "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libfdisk1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13627", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.6.5-2ubuntu0.5", - "FixedVersion": "1.6.5-2ubuntu0.6", - "Layer": { - 
"DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", - "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", - "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", - "http://www.openwall.com/lists/oss-security/2019/10/02/2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "https://dev.gnupg.org/T4683", - "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", - "https://minerva.crocs.fi.muni.cz/", - "https://security-tracker.debian.org/tracker/CVE-2019-13627", - "https://usn.ubuntu.com/usn/usn-4236-1", - "https://usn.ubuntu.com/usn/usn-4236-2", - "https://usn.ubuntu.com/usn/usn-4236-3" - ], - "PublishedDate": "2019-09-25T15:15:00Z", - "LastModifiedDate": "2019-10-03T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "liblz4-1", - "InstalledVersion": "0.0~r131-2ubuntu2", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call 
LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack 
via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libmount1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": 
"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncurses5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncursesw5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ 
- "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6004", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", - "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", - "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96295", - "http://www.securitytracker.com/id/1037850", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://bugs.exim.org/show_bug.cgi?id=2035", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", - "https://security.gentoo.org/glsa/201706-11", - "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" - ], - "PublishedDate": "2017-02-16T11:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7186", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", - "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", - "Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97030", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", - "https://bugs.exim.org/show_bug.cgi?id=2052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", - "https://security.gentoo.org/glsa/201710-09", - "https://security.gentoo.org/glsa/201710-25", - "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" - ], - "PublishedDate": "2017-03-20T00:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - 
"redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": 
"libpcre3", - "InstalledVersion": "2:8.38-3.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libsmartcols1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.42.13-1ubuntu1", - "FixedVersion": "1.42.13-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "libsystemd0", - "InstalledVersion": "229-4ubuntu21.22", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libsystemd0", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "libsystemd0", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libsystemd0", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo5", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "libudev1", - "InstalledVersion": "229-4ubuntu21.22", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libudev1", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "libudev1", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libudev1", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libuuid1", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, 
- { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "login", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12424", - "PkgName": "login", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", - "Title": "shadow-utils: Buffer overflow via newusers tool", - "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", - "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", - "https://security.gentoo.org/glsa/201710-16" - ], - "PublishedDate": "2017-08-04T09:29:00Z", - "LastModifiedDate": "2017-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "login", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "mount", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "mount", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { 
- "VulnerabilityID": "CVE-2017-18269", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", - "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", - "Description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", - "https://github.com/fingolfin/memmove-bug", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-01T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11237", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", - "Title": "glibc: Buffer overflow in 
__mempcpy_avx512_no_vzeroupper", - "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11237.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104256", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "https://www.exploit-db.com/exploits/44750/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:44:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, 
potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", 
- "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - "https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - 
"https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address 
followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - 
"redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12133", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", - "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", - "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", - "https://www.securityfocus.com/bid/100679" - ], - "PublishedDate": 
"2017-09-07T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp 
function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "multiarch-support", - "InstalledVersion": "2.23-0ubuntu11", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ 
- "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.0+20160213-1ubuntu1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "passwd", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12424", - "PkgName": "passwd", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - 
"Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", - "Title": "shadow-utils: Buffer overflow via newusers tool", - "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", - "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", - "https://security.gentoo.org/glsa/201710-16" - ], - "PublishedDate": "2017-08-04T09:29:00Z", - "LastModifiedDate": "2017-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "passwd", - "InstalledVersion": "1:4.2-3.1ubuntu5.4", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. 
newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "systemd", - "InstalledVersion": "229-4ubuntu21.22", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "systemd", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "systemd-sysv", - "InstalledVersion": "229-4ubuntu21.22", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "systemd-sysv", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-sysv", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd-sysv", - "InstalledVersion": "229-4ubuntu21.22", - "FixedVersion": "229-4ubuntu21.27", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "1.28-2.1ubuntu0.1", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - 
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - 
"LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "util-linux", - "InstalledVersion": "2.27.1-6ubuntu3.7", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9840", - "PkgName": "zlib1g", - "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", - "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", - "Layer": { - 
"DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9840", - "Title": "zlib: Out-of-bounds pointer arithmetic in inftrees.c", - "Description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/12/05/10", - "http://www.openwall.com/lists/oss-security/2016/12/05/21", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95131", - "http://www.securitytracker.com/id/1039427", - "https://access.redhat.com/errata/RHSA-2017:1220", - "https://access.redhat.com/errata/RHSA-2017:1221", - "https://access.redhat.com/errata/RHSA-2017:1222", - "https://access.redhat.com/errata/RHSA-2017:2999", - "https://access.redhat.com/errata/RHSA-2017:3046", - "https://access.redhat.com/errata/RHSA-2017:3047", - "https://access.redhat.com/errata/RHSA-2017:3453", - "https://bugzilla.redhat.com/show_bug.cgi?id=1402345", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840", - "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", 
- "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", - "https://security.gentoo.org/glsa/201701-56", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/usn/usn-4246-1", - "https://usn.ubuntu.com/usn/usn-4292-1", - "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", - "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" - ], - "PublishedDate": "2017-05-23T04:29:00Z", - "LastModifiedDate": "2019-03-25T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9841", - "PkgName": "zlib1g", - "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", - "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9841", - "Title": "zlib: Out-of-bounds pointer arithmetic in inffast.c", - "Description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/12/05/21", - 
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95131", - "http://www.securitytracker.com/id/1039427", - "http://www.securitytracker.com/id/1039596", - "https://access.redhat.com/errata/RHSA-2017:1220", - "https://access.redhat.com/errata/RHSA-2017:1221", - "https://access.redhat.com/errata/RHSA-2017:1222", - "https://access.redhat.com/errata/RHSA-2017:2999", - "https://access.redhat.com/errata/RHSA-2017:3046", - "https://access.redhat.com/errata/RHSA-2017:3047", - "https://access.redhat.com/errata/RHSA-2017:3453", - "https://bugzilla.redhat.com/show_bug.cgi?id=1402346", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841", - "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", - "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", - "https://security.gentoo.org/glsa/201701-56", - "https://security.netapp.com/advisory/ntap-20171019-0001/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/usn/usn-4246-1", - "https://usn.ubuntu.com/usn/usn-4292-1", - "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", - "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" - ], - "PublishedDate": "2017-05-23T04:29:00Z", - "LastModifiedDate": "2019-03-25T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9842", - "PkgName": "zlib1g", - "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", - "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - 
"SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9842", - "Title": "zlib: Undefined left shift of negative number", - "Description": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/12/05/10", - "http://www.openwall.com/lists/oss-security/2016/12/05/21", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95131", - "http://www.securitytracker.com/id/1039427", - "https://access.redhat.com/errata/RHSA-2017:1220", - "https://access.redhat.com/errata/RHSA-2017:1221", - "https://access.redhat.com/errata/RHSA-2017:1222", - "https://access.redhat.com/errata/RHSA-2017:2999", - "https://access.redhat.com/errata/RHSA-2017:3046", - "https://access.redhat.com/errata/RHSA-2017:3047", - "https://access.redhat.com/errata/RHSA-2017:3453", - "https://bugzilla.redhat.com/show_bug.cgi?id=1402348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842", - "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", - 
"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", - "https://security.gentoo.org/glsa/201701-56", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/usn/usn-4246-1", - "https://usn.ubuntu.com/usn/usn-4292-1", - "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", - "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" - ], - "PublishedDate": "2017-05-23T04:29:00Z", - "LastModifiedDate": "2019-03-25T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9843", - "PkgName": "zlib1g", - "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", - "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", - "Layer": { - "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9843", - "Title": "zlib: Big-endian out-of-bounds pointer", - "Description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", - "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/12/05/21", - 
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95131", - "http://www.securitytracker.com/id/1039427", - "http://www.securitytracker.com/id/1041888", - "https://access.redhat.com/errata/RHSA-2017:1220", - "https://access.redhat.com/errata/RHSA-2017:1221", - "https://access.redhat.com/errata/RHSA-2017:1222", - "https://access.redhat.com/errata/RHSA-2017:2999", - "https://access.redhat.com/errata/RHSA-2017:3046", - "https://access.redhat.com/errata/RHSA-2017:3047", - "https://access.redhat.com/errata/RHSA-2017:3453", - "https://bugzilla.redhat.com/show_bug.cgi?id=1402351", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843", - "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", - "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", - "https://security.gentoo.org/glsa/201701-56", - "https://security.netapp.com/advisory/ntap-20181018-0002/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/usn/usn-4246-1", - "https://usn.ubuntu.com/usn/usn-4292-1", - "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", - "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" - ], - "PublishedDate": "2017-05-23T04:29:00Z", - "LastModifiedDate": "2019-03-25T00:29:00Z" + "Image": "sha256:94a0c867edd7edc17a6d2736356509c9b6ce5ed6fc19544fe63dadd6ab576a40", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/ubuntu-1604.tar.gz (ubuntu 16.04)", + "Class": "os-pkgs", + "Type": 
"ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.3-14ubuntu1.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "bsdutils", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + 
], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "bsdutils", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.25-2ubuntu3~16.04", + "Layer": { + 
"DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8283", + "PkgName": "dpkg", + "InstalledVersion": "1.18.4ubuntu1.5", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8283", + "Description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/04/20/2", + "http://www.securityfocus.com/bid/98064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283" + ], + "PublishedDate": "2017-04-26T05:59:00Z", + "LastModifiedDate": "2017-05-10T17:46:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fslibs", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fslibs", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gnupg", + "InstalledVersion": "1.4.20-1ubuntu3.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14855", + "PkgName": "gnupg", + "InstalledVersion": "1.4.20-1ubuntu3.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", + "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", + "Severity": "LOW", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "https://eprint.iacr.org/2020/014.pdf" + ] + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gpgv", + "InstalledVersion": "1.4.20-1ubuntu3.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, 
makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14855", + "PkgName": "gpgv", + "InstalledVersion": "1.4.20-1ubuntu3.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", + "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", + "Severity": "LOW", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "https://eprint.iacr.org/2020/014.pdf" + ] + }, + { + "VulnerabilityID": "CVE-2016-1585", + "PkgName": "libapparmor1", + "InstalledVersion": "2.10.95-0ubuntu2.11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1585", + "Description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-254" + ], + 
"CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://bugs.launchpad.net/apparmor/+bug/1597017", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1585" + ], + "PublishedDate": "2019-04-22T16:29:00Z", + "LastModifiedDate": "2019-10-09T23:17:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libblkid1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libblkid1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + 
"SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18269", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", + "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", + "Description": "An SSE2-optimized memmove implementation for i386 
in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", + "https://github.com/fingolfin/memmove-bug", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-01T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code 
execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11237", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", + "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", + "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": 
{ + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11237.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104256", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "https://www.exploit-db.com/exploits/44750/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:44:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", 
+ "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5180", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", + "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", + "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5180.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/99324", + "http://www.ubuntu.com/usn/USN-3239-1", + "http://www.ubuntu.com/usn/USN-3239-2", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", + "https://security.gentoo.org/glsa/201706-19", + "https://sourceware.org/bugzilla/attachment.cgi?id=8492", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", + 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", + "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-2" + ], + "PublishedDate": "2017-06-27T20:29:00Z", + "LastModifiedDate": "2018-04-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: 
iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + 
], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12133", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", + "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", + "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", + "https://www.securityfocus.com/bid/100679" + ], + "PublishedDate": "2017-09-07T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C 
Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + 
"LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc-bin", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-18269", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", + "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", + "Description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library 
(aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", + "https://github.com/fingolfin/memmove-bug", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-01T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": 
{ + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11237", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", + "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", + "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 
+ } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11237.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104256", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "https://www.exploit-db.com/exploits/44750/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:44:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + 
"https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + 
"https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5180", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", + "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", + "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5180.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/99324", + "http://www.ubuntu.com/usn/USN-3239-1", + "http://www.ubuntu.com/usn/USN-3239-2", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", + "https://security.gentoo.org/glsa/201706-19", + "https://sourceware.org/bugzilla/attachment.cgi?id=8492", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", + 
"https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-2" + ], + "PublishedDate": "2017-06-27T20:29:00Z", + "LastModifiedDate": "2018-04-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C 
Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + 
"http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": 
"2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12133", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", + "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", + "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", + "https://www.securityfocus.com/bid/100679" + ], + "PublishedDate": "2017-09-07T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in 
posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", 
+ "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc6", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + 
"InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcomerr2", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcomerr2", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-4484", + "PkgName": "libcryptsetup4", + "InstalledVersion": "2:1.6.6-5ubuntu2.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", + "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", + "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 6.8 + } + }, + "References": [ + 
"http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", + "http://www.openwall.com/lists/oss-security/2016/11/14/13", + "http://www.openwall.com/lists/oss-security/2016/11/15/1", + "http://www.openwall.com/lists/oss-security/2016/11/15/4", + "http://www.openwall.com/lists/oss-security/2016/11/16/6", + "http://www.securityfocus.com/bid/94315", + "https://access.redhat.com/articles/2786581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", + "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" + ], + "PublishedDate": "2017-01-23T21:59:00Z", + "LastModifiedDate": "2017-01-26T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libfdisk1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", 
+ "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libfdisk1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13627", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.6.5-2ubuntu0.5", + "FixedVersion": "1.6.5-2ubuntu0.6", + "Layer": { + 
"DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", + "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", + "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", + "http://www.openwall.com/lists/oss-security/2019/10/02/2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "https://dev.gnupg.org/T4683", + "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", + "https://minerva.crocs.fi.muni.cz/", + "https://security-tracker.debian.org/tracker/CVE-2019-13627", + "https://usn.ubuntu.com/usn/usn-4236-1", + "https://usn.ubuntu.com/usn/usn-4236-2", + "https://usn.ubuntu.com/usn/usn-4236-3" + ], + "PublishedDate": "2019-09-25T15:15:00Z", + "LastModifiedDate": "2019-10-03T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "liblz4-1", + "InstalledVersion": "0.0~r131-2ubuntu2", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call 
LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libmount1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack 
via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libmount1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": 
"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncurses5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncursesw5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ 
+ "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-6004", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", + "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", + "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/96295", + "http://www.securitytracker.com/id/1037850", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://bugs.exim.org/show_bug.cgi?id=2035", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", + "https://security.gentoo.org/glsa/201706-11", + "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" + ], + "PublishedDate": "2017-02-16T11:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7186", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", + "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", + "Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97030", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", + "https://bugs.exim.org/show_bug.cgi?id=2052", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", + "https://security.gentoo.org/glsa/201710-09", + "https://security.gentoo.org/glsa/201710-25", + "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", + "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" + ], + "PublishedDate": "2017-03-20T00:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7244", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", + "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", + "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + 
"redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": 
"libpcre3", + "InstalledVersion": "2:8.38-3.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libsmartcols1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + 
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libsmartcols1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.42.13-1ubuntu1", + "FixedVersion": "1.42.13-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "libsystemd0", + "InstalledVersion": "229-4ubuntu21.22", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libsystemd0", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "libsystemd0", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libsystemd0", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo5", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "libudev1", + "InstalledVersion": "229-4ubuntu21.22", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libudev1", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "libudev1", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libudev1", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "libuuid1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "libuuid1", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, 
+ { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "login", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12424", + "PkgName": "login", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", + "Title": "shadow-utils: Buffer overflow via newusers tool", + "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", + "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", + "https://security.gentoo.org/glsa/201710-16" + ], + "PublishedDate": "2017-08-04T09:29:00Z", + "LastModifiedDate": "2017-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "login", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "mount", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "mount", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { 
+ "VulnerabilityID": "CVE-2017-18269", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18269", + "Title": "glibc: memory corruption in memcpy-sse2-unaligned.S", + "Description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269", + "https://github.com/fingolfin/memmove-bug", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-01T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11237", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", + "Title": "glibc: Buffer overflow in 
__mempcpy_avx512_no_vzeroupper", + "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11237.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104256", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "https://www.exploit-db.com/exploits/44750/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:44:00Z" + }, + { + "VulnerabilityID": "CVE-2018-6485", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", + "Title": "glibc: Integer overflow in posix_memalign in memalign functions", + "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, 
potentially leading to heap corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://bugs.debian.org/878159", + "http://linux.oracle.com/cve/CVE-2018-6485.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/102912", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", + "https://security.netapp.com/advisory/ntap-20190404-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "https://usn.ubuntu.com/4218-1/", + "https://usn.ubuntu.com/usn/usn-4218-1", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-02-01T14:29:00Z", + "LastModifiedDate": "2019-12-10T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-5180", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", + "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", + "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V2Score": 1.2 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2015-5180.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/99324", 
+ "http://www.ubuntu.com/usn/USN-3239-1", + "http://www.ubuntu.com/usn/USN-3239-2", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", + "https://security.gentoo.org/glsa/201706-19", + "https://sourceware.org/bugzilla/attachment.cgi?id=8492", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", + "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", + "https://usn.ubuntu.com/usn/usn-3239-1", + "https://usn.ubuntu.com/usn/usn-3239-2" + ], + "PublishedDate": "2017-06-27T20:29:00Z", + "LastModifiedDate": "2018-04-12T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + 
"https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address 
followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12132", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", + "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", + "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + 
"redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2017-12132.html", + "http://linux.oracle.com/errata/ELSA-2018-0805.html", + "http://www.securityfocus.com/bid/100598", + "https://access.redhat.com/errata/RHSA-2018:0805", + "https://arxiv.org/pdf/1205.4011.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" + ], + "PublishedDate": "2017-08-01T16:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12133", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12133", + "Title": "glibc: Use-after-free read access in clntudp_call in sunrpc", + "Description": "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12133", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=21115", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491", + "https://www.securityfocus.com/bid/100679" + ], + "PublishedDate": 
"2017-09-07T13:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp 
function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "multiarch-support", + "InstalledVersion": "2.23-0ubuntu11", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ 
+ "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-134" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-06-29T23:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-07-08T17:29:00Z", + "LastModifiedDate": "2019-05-06T15:00:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13728", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", + "Title": "ncurses: Infinite loop in the next_char function", + "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13729", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", + "Title": "ncurses: Illegal address access in the _nc_save_str function", + "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13730", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", + "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", + "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13731", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": 
"sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", + "Title": "ncurses: Illegal address access in the function postprocess_termcap()", + "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13732", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", + "Title": "ncurses: Illegal address access in the function dump_uses()", + "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13733", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", + "Title": "ncurses: Illegal address access in the function fmt_entry", + "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-13734", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", + "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", + "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", + 
"Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", + "https://security.gentoo.org/glsa/201804-13" + ], + "PublishedDate": "2017-08-29T06:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-16879", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", + "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", + "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", + "https://security.gentoo.org/glsa/201804-13", + "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + ], + "PublishedDate": 
"2017-11-22T22:29:00Z", + "LastModifiedDate": "2018-10-21T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.0+20160213-1ubuntu1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "passwd", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2017-12424", + "PkgName": "passwd", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + 
"Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12424", + "Title": "shadow-utils: Buffer overflow via newusers tool", + "Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", + "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952", + "https://security.gentoo.org/glsa/201710-16" + ], + "PublishedDate": "2017-08-04T09:29:00Z", + "LastModifiedDate": "2017-10-17T01:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "passwd", + "InstalledVersion": "1:4.2-3.1ubuntu5.4", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. 
newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "systemd", + "InstalledVersion": "229-4ubuntu21.22", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "systemd", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "systemd-sysv", + "InstalledVersion": "229-4ubuntu21.22", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "systemd-sysv", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2018-16888", + "PkgName": "systemd-sysv", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", + "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", + "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20", + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-16888.html", + "http://linux.oracle.com/errata/ELSA-2019-2091.html", + "https://access.redhat.com/errata/RHSA-2019:2091", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", + "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", + "https://security.netapp.com/advisory/ntap-20190307-0007/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-01-14T22:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "systemd-sysv", + "InstalledVersion": "229-4ubuntu21.22", + "FixedVersion": "229-4ubuntu21.27", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "1.28-2.1ubuntu0.1", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + 
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2779", + "PkgName": "util-linux", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", + "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", + "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", + "http://www.openwall.com/lists/oss-security/2016/02/27/1", + "http://www.openwall.com/lists/oss-security/2016/02/27/2", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + 
"LastModifiedDate": "2019-01-04T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2016-5011", + "PkgName": "util-linux", + "InstalledVersion": "2.27.1-6ubuntu3.7", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", + "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", + "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-5011.html", + "http://linux.oracle.com/errata/ELSA-2016-2605.html", + "http://rhn.redhat.com/errata/RHSA-2016-2605.html", + "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", + "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", + "http://www.openwall.com/lists/oss-security/2016/07/11/2", + "http://www.securityfocus.com/bid/91683", + "http://www.securitytracker.com/id/1036272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", + "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" + ], + "PublishedDate": "2017-04-11T15:59:00Z", + "LastModifiedDate": "2017-04-17T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9840", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", + "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", + "Layer": { + 
"DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9840", + "Title": "zlib: Out-of-bounds pointer arithmetic in inftrees.c", + "Description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/12/05/10", + "http://www.openwall.com/lists/oss-security/2016/12/05/21", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95131", + "http://www.securitytracker.com/id/1039427", + "https://access.redhat.com/errata/RHSA-2017:1220", + "https://access.redhat.com/errata/RHSA-2017:1221", + "https://access.redhat.com/errata/RHSA-2017:1222", + "https://access.redhat.com/errata/RHSA-2017:2999", + "https://access.redhat.com/errata/RHSA-2017:3046", + "https://access.redhat.com/errata/RHSA-2017:3047", + "https://access.redhat.com/errata/RHSA-2017:3453", + "https://bugzilla.redhat.com/show_bug.cgi?id=1402345", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", 
+ "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", + "https://security.gentoo.org/glsa/201701-56", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/usn/usn-4246-1", + "https://usn.ubuntu.com/usn/usn-4292-1", + "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", + "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" + ], + "PublishedDate": "2017-05-23T04:29:00Z", + "LastModifiedDate": "2019-03-25T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9841", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", + "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9841", + "Title": "zlib: Out-of-bounds pointer arithmetic in inffast.c", + "Description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", + "Severity": "LOW", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/12/05/21", + 
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95131", + "http://www.securitytracker.com/id/1039427", + "http://www.securitytracker.com/id/1039596", + "https://access.redhat.com/errata/RHSA-2017:1220", + "https://access.redhat.com/errata/RHSA-2017:1221", + "https://access.redhat.com/errata/RHSA-2017:1222", + "https://access.redhat.com/errata/RHSA-2017:2999", + "https://access.redhat.com/errata/RHSA-2017:3046", + "https://access.redhat.com/errata/RHSA-2017:3047", + "https://access.redhat.com/errata/RHSA-2017:3453", + "https://bugzilla.redhat.com/show_bug.cgi?id=1402346", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", + "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", + "https://security.gentoo.org/glsa/201701-56", + "https://security.netapp.com/advisory/ntap-20171019-0001/", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/usn/usn-4246-1", + "https://usn.ubuntu.com/usn/usn-4292-1", + "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", + "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" + ], + "PublishedDate": "2017-05-23T04:29:00Z", + "LastModifiedDate": "2019-03-25T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9842", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", + "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + 
"SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9842", + "Title": "zlib: Undefined left shift of negative number", + "Description": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/12/05/10", + "http://www.openwall.com/lists/oss-security/2016/12/05/21", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95131", + "http://www.securitytracker.com/id/1039427", + "https://access.redhat.com/errata/RHSA-2017:1220", + "https://access.redhat.com/errata/RHSA-2017:1221", + "https://access.redhat.com/errata/RHSA-2017:1222", + "https://access.redhat.com/errata/RHSA-2017:2999", + "https://access.redhat.com/errata/RHSA-2017:3046", + "https://access.redhat.com/errata/RHSA-2017:3047", + "https://access.redhat.com/errata/RHSA-2017:3453", + "https://bugzilla.redhat.com/show_bug.cgi?id=1402348", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", + 
"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", + "https://security.gentoo.org/glsa/201701-56", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/usn/usn-4246-1", + "https://usn.ubuntu.com/usn/usn-4292-1", + "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", + "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" + ], + "PublishedDate": "2017-05-23T04:29:00Z", + "LastModifiedDate": "2019-03-25T00:29:00Z" + }, + { + "VulnerabilityID": "CVE-2016-9843", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.8.dfsg-2ubuntu4.1", + "FixedVersion": "1:1.2.8.dfsg-2ubuntu4.3", + "Layer": { + "DiffID": "sha256:f749b9b0fb213e9897417a985aaa9753d41bff474e1d0c0d1d266c4512eaf031" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9843", + "Title": "zlib: Big-endian out-of-bounds pointer", + "Description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-189" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", + "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", + "http://www.openwall.com/lists/oss-security/2016/12/05/21", + 
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "http://www.securityfocus.com/bid/95131", + "http://www.securitytracker.com/id/1039427", + "http://www.securitytracker.com/id/1041888", + "https://access.redhat.com/errata/RHSA-2017:1220", + "https://access.redhat.com/errata/RHSA-2017:1221", + "https://access.redhat.com/errata/RHSA-2017:1222", + "https://access.redhat.com/errata/RHSA-2017:2999", + "https://access.redhat.com/errata/RHSA-2017:3046", + "https://access.redhat.com/errata/RHSA-2017:3047", + "https://access.redhat.com/errata/RHSA-2017:3453", + "https://bugzilla.redhat.com/show_bug.cgi?id=1402351", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", + "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", + "https://security.gentoo.org/glsa/201701-56", + "https://security.netapp.com/advisory/ntap-20181018-0002/", + "https://support.apple.com/HT208112", + "https://support.apple.com/HT208113", + "https://support.apple.com/HT208115", + "https://support.apple.com/HT208144", + "https://usn.ubuntu.com/usn/usn-4246-1", + "https://usn.ubuntu.com/usn/usn-4292-1", + "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", + "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" + ], + "PublishedDate": "2017-05-23T04:29:00Z", + "LastModifiedDate": "2019-03-25T00:29:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden index 7f11fc55b5..ce3a7cea99 100644 
--- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
+++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
@@ -1,831 +1,898 @@ -[ - { - "Target": "testdata/fixtures/images/ubuntu-1804.tar.gz (ubuntu 18.04)", - "Class": "os-pkgs", - "Type": "ubuntu", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageID": "sha256:a2a15febcdf362f6115e801d37b5e60d6faaeedcb9896155e5fe9d754025be12", + "DiffIDs": [ + "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f", + "sha256:f7eae43028b334123c3a1d778f7bdf9783bbe651c8b15371df0120fd13ec35c5", + "sha256:7beb13bce073c21c9ee608acb13c7e851845245dc76ce81b418fdf580c45076b", + "sha256:122be11ab4a29e554786b4a1ec4764dd55656b59d6228a0a3de78eaf5c1f226c" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "41b694b9b42f9c5ef7fb40c24272927a727a6d6cb8120bb3eae5849ceb9bee77", + "created": "2019-08-15T07:28:14.830150536Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-15T07:28:12.433344678Z", + "created_by": "/bin/sh -c #(nop) ADD file:c477cb0e95c56b51e0b7353f3805165393689902b82a41bbe77dbef4b31667e1 in / " }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } + { + "created": "2019-08-15T07:28:13.20852008Z", + "created_by": "/bin/sh -c [ -z \"$(apt-get indextargets)\" ]" }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + { + "created": "2019-08-15T07:28:13.964607567Z", + "created_by": "/bin/sh -c set -xe \t\t\u0026\u0026 echo '#!/bin/sh' \u003e /usr/sbin/policy-rc.d \t\u0026\u0026 echo 'exit 101' \u003e\u003e /usr/sbin/policy-rc.d \t\u0026\u0026 chmod +x /usr/sbin/policy-rc.d \t\t\u0026\u0026 dpkg-divert --local --rename --add /sbin/initctl \t\u0026\u0026 cp -a /usr/sbin/policy-rc.d /sbin/initctl \t\u0026\u0026 sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t\u0026\u0026 echo 'force-unsafe-io' \u003e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t\u0026\u0026 echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'APT::Update::Post-Invoke { \"rm -f 
/var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\t\u0026\u0026 echo 'Acquire::Languages \"none\";' \u003e /etc/apt/apt.conf.d/docker-no-languages \t\t\u0026\u0026 echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' \u003e /etc/apt/apt.conf.d/docker-gzip-indexes \t\t\u0026\u0026 echo 'Apt::AutoRemove::SuggestsImportant \"false\";' \u003e /etc/apt/apt.conf.d/docker-autoremove-suggests" }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } + { + "created": "2019-08-15T07:28:14.64282638Z", + "created_by": "/bin/sh -c mkdir -p /run/systemd \u0026\u0026 echo 'docker' \u003e /run/systemd/container" }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13627", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.1-4ubuntu1.1", - "FixedVersion": "1.8.1-4ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", - "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", - "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", - "http://www.openwall.com/lists/oss-security/2019/10/02/2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "https://dev.gnupg.org/T4683", - "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", - "https://minerva.crocs.fi.muni.cz/", - "https://security-tracker.debian.org/tracker/CVE-2019-13627", - "https://usn.ubuntu.com/usn/usn-4236-1", - "https://usn.ubuntu.com/usn/usn-4236-2", - "https://usn.ubuntu.com/usn/usn-4236-3" - ], - "PublishedDate": "2019-09-25T15:15:00Z", - "LastModifiedDate": "2019-10-03T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12290", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.4-1.1build2", - "FixedVersion": "2.0.4-1.1ubuntu0.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", - "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", - "https://gitlab.com/libidn/libidn2/merge_requests/71", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-22T16:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.4-1.1build2", - "FixedVersion": "2.0.4-1.1ubuntu0.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.28", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" + { + "created": "2019-08-15T07:28:14.830150536Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f", + "sha256:f7eae43028b334123c3a1d778f7bdf9783bbe651c8b15371df0120fd13ec35c5", + "sha256:7beb13bce073c21c9ee608acb13c7e851845245dc76ce81b418fdf580c45076b", + "sha256:122be11ab4a29e554786b4a1ec4764dd55656b59d6228a0a3de78eaf5c1f226c" ] }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" + "config": { + "Cmd": [ + "/bin/bash" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.28", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11922", - "PkgName": "libzstd1", - "InstalledVersion": "1.3.3+dfsg-2ubuntu1", - "FixedVersion": "1.3.3+dfsg-2ubuntu1.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11922", - "Description": "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922", - 
"https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", - "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", - "https://usn.ubuntu.com/usn/usn-4108-1", - "https://www.facebook.com/security/advisories/cve-2019-11922" - ], - "PublishedDate": "2019-07-25T21:15:00Z", - "LastModifiedDate": "2019-08-12T21:15:00Z" + "Image": "sha256:bcbe079849fdbb50b3eb04798547e046bdbc82020b8b780d767cf29f7e60b396", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/ubuntu-1804.tar.gz (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13627", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.1-4ubuntu1.1", + "FixedVersion": "1.8.1-4ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", + "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", + "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", + "http://www.openwall.com/lists/oss-security/2019/10/02/2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "https://dev.gnupg.org/T4683", + "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", + "https://minerva.crocs.fi.muni.cz/", + "https://security-tracker.debian.org/tracker/CVE-2019-13627", + "https://usn.ubuntu.com/usn/usn-4236-1", + "https://usn.ubuntu.com/usn/usn-4236-2", + "https://usn.ubuntu.com/usn/usn-4236-3" + ], + "PublishedDate": "2019-09-25T15:15:00Z", + "LastModifiedDate": "2019-10-03T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12290", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.4-1.1build2", + "FixedVersion": "2.0.4-1.1ubuntu0.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", + "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", + "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", + "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", + "https://gitlab.com/libidn/libidn2/merge_requests/71", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-22T16:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.4-1.1build2", + "FixedVersion": "2.0.4-1.1ubuntu0.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.28", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.28", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11922", + "PkgName": "libzstd1", + "InstalledVersion": "1.3.3+dfsg-2ubuntu1", + "FixedVersion": "1.3.3+dfsg-2ubuntu1.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11922", + "Description": "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922", + 
"https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", + "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", + "https://usn.ubuntu.com/usn/usn-4108-1", + "https://www.facebook.com/security/advisories/cve-2019-11922" + ], + "PublishedDate": "2019-07-25T21:15:00Z", + "LastModifiedDate": "2019-08-12T21:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index ef9f1b0cea..d9071f430c 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden 
@@ -1,3121 +1,3188 @@ -[ - { - "Target": "testdata/fixtures/images/ubuntu-1804.tar.gz (ubuntu 18.04)", - "Class": "os-pkgs", - "Type": "ubuntu", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-18276", - "PkgName": "bash", - "InstalledVersion": "4.4.18-2ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageID": "sha256:a2a15febcdf362f6115e801d37b5e60d6faaeedcb9896155e5fe9d754025be12", + "DiffIDs": [ + "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f", + "sha256:f7eae43028b334123c3a1d778f7bdf9783bbe651c8b15371df0120fd13ec35c5", + "sha256:7beb13bce073c21c9ee608acb13c7e851845245dc76ce81b418fdf580c45076b", + "sha256:122be11ab4a29e554786b4a1ec4764dd55656b59d6228a0a3de78eaf5c1f226c" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "41b694b9b42f9c5ef7fb40c24272927a727a6d6cb8120bb3eae5849ceb9bee77", + "created": "2019-08-15T07:28:14.830150536Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-08-15T07:28:12.433344678Z", + "created_by": "/bin/sh -c #(nop) ADD file:c477cb0e95c56b51e0b7353f3805165393689902b82a41bbe77dbef4b31667e1 in / " }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", - "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. 
An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", - "Severity": "LOW", - "CweIDs": [ - "CWE-273" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } + { + "created": "2019-08-15T07:28:13.20852008Z", + "created_by": "/bin/sh -c [ -z \"$(apt-get indextargets)\" ]" }, - "References": [ - "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", - "https://www.youtube.com/watch?v=-wGtxJ8opa8" - ], - "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "bsdutils", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + { + "created": "2019-08-15T07:28:13.964607567Z", + "created_by": "/bin/sh -c set -xe \t\t\u0026\u0026 echo '#!/bin/sh' \u003e /usr/sbin/policy-rc.d \t\u0026\u0026 echo 'exit 101' \u003e\u003e /usr/sbin/policy-rc.d \t\u0026\u0026 chmod +x /usr/sbin/policy-rc.d \t\t\u0026\u0026 dpkg-divert --local --rename --add /sbin/initctl \t\u0026\u0026 cp -a /usr/sbin/policy-rc.d /sbin/initctl \t\u0026\u0026 sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t\u0026\u0026 echo 'force-unsafe-io' \u003e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t\u0026\u0026 echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 
'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\t\u0026\u0026 echo 'Acquire::Languages \"none\";' \u003e /etc/apt/apt.conf.d/docker-no-languages \t\t\u0026\u0026 echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' \u003e /etc/apt/apt.conf.d/docker-gzip-indexes \t\t\u0026\u0026 echo 'Apt::AutoRemove::SuggestsImportant \"false\";' \u003e /etc/apt/apt.conf.d/docker-autoremove-suggests" }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } + { + "created": "2019-08-15T07:28:14.64282638Z", + "created_by": "/bin/sh -c mkdir -p /run/systemd \u0026\u0026 echo 'docker' \u003e /run/systemd/container" }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - 
"https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.28-1ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8283", - "PkgName": "dpkg", - "InstalledVersion": "1.19.0.5ubuntu2.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8283", - "Description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct 
directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.", - "Severity": "LOW", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/04/20/2", - "http://www.securityfocus.com/bid/98064", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283" - ], - "PublishedDate": "2017-04-26T05:59:00Z", - "LastModifiedDate": "2017-05-10T17:46:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "e2fsprogs", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "fdisk", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gpgv", - "InstalledVersion": "2.2.4-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14855", - "PkgName": "gpgv", - "InstalledVersion": "2.2.4-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", - "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", - "Severity": "LOW", - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "https://eprint.iacr.org/2020/014.pdf" + { + "created": "2019-08-15T07:28:14.830150536Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f", + "sha256:f7eae43028b334123c3a1d778f7bdf9783bbe651c8b15371df0120fd13ec35c5", + "sha256:7beb13bce073c21c9ee608acb13c7e851845245dc76ce81b418fdf580c45076b", + "sha256:122be11ab4a29e554786b4a1ec4764dd55656b59d6228a0a3de78eaf5c1f226c" ] }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "libblkid1", - 
"InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" + "config": { + "Cmd": [ + "/bin/bash" ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, 
when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11237", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", - "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", - "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a 
buffer overflow in __mempcpy_avx512_no_vzeroupper.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11237.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104256", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "https://www.exploit-db.com/exploits/44750/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:44:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19591", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19591", - "Title": "glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. 
This is related to the if_nametoindex() function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106037", - "http://www.securitytracker.com/id/1042174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19591", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/", - "https://security.gentoo.org/glsa/201903-09", - "https://security.netapp.com/advisory/ntap-20190321-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23927", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408" - ], - "PublishedDate": "2018-12-04T16:29:00Z", - "LastModifiedDate": "2019-03-21T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression 
match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by 
'(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - 
"https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc-bin", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer 
overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11237", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", - "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", - "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 
4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11237.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104256", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "https://www.exploit-db.com/exploits/44750/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:44:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19591", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19591", - "Title": "glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. 
This is related to the if_nametoindex() function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106037", - "http://www.securitytracker.com/id/1042174", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19591", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/", - "https://security.gentoo.org/glsa/201903-09", - "https://security.netapp.com/advisory/ntap-20190321-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23927", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408" - ], - "PublishedDate": "2018-12-04T16:29:00Z", - "LastModifiedDate": "2019-03-21T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", 
- "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20796", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by 
'(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7309", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", - "Title": "glibc: memcmp function incorrectly returns zero", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106835", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", - 
"https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", - "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" - ], - "PublishedDate": "2019-02-03T02:29:00Z", - "LastModifiedDate": "2019-02-27T18:07:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9192", - "PkgName": "libc6", - "InstalledVersion": "2.27-3ubuntu1", - "Layer": { - "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", - "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-02-26T18:29:00Z", - "LastModifiedDate": "2019-11-05T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom-err2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libext2fs2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "libfdisk1", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13627", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.1-4ubuntu1.1", - "FixedVersion": "1.8.1-4ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", - "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", - "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", - "http://www.openwall.com/lists/oss-security/2019/10/02/2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "https://dev.gnupg.org/T4683", - "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", - "https://minerva.crocs.fi.muni.cz/", - "https://security-tracker.debian.org/tracker/CVE-2019-13627", - "https://usn.ubuntu.com/usn/usn-4236-1", - "https://usn.ubuntu.com/usn/usn-4236-2", - "https://usn.ubuntu.com/usn/usn-4236-3" - ], - "PublishedDate": "2019-09-25T15:15:00Z", - "LastModifiedDate": "2019-10-03T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt20", - "InstalledVersion": "1.8.1-4ubuntu1.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. 
(The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16868", - "PkgName": "libgnutls30", - "InstalledVersion": "3.5.18-1ubuntu1.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16868", - "Title": "gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification", - "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", - "V2Score": 3.3, - "V3Score": 5.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.7 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html", - "http://www.securityfocus.com/bid/106080", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868" - ], - "PublishedDate": "2018-12-03T14:29:00Z", - "LastModifiedDate": "2019-05-30T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16869", - "PkgName": "libhogweed4", - "InstalledVersion": "3.4-1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", - "Title": "nettle: Leaky data conversion exposing a manager oracle", - "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", - "V2Score": 3.3, - "V3Score": 5.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.7 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://www.securityfocus.com/bid/106092", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", - "https://lists.debian.org/debian-lts/2019/03/msg00021.html", - "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" - ], - "PublishedDate": "2018-12-03T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12290", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.4-1.1build2", - "FixedVersion": "2.0.4-1.1ubuntu0.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", - "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", - "https://gitlab.com/libidn/libidn2/merge_requests/71", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-22T16:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18224", - "PkgName": "libidn2-0", - "InstalledVersion": "2.0.4-1.1build2", - "FixedVersion": "2.0.4-1.1ubuntu0.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", - "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.6 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", - 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", - "https://usn.ubuntu.com/4168-1/", - "https://usn.ubuntu.com/usn/usn-4168-1" - ], - "PublishedDate": "2019-10-21T17:15:00Z", - "LastModifiedDate": "2019-10-29T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "liblz4-1", - "InstalledVersion": "0.0~r131-2ubuntu3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "libmount1", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux 
before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncurses5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncurses5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libncursesw5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libncursesw5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16869", - "PkgName": "libnettle6", - "InstalledVersion": "3.4-1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", - "Title": "nettle: Leaky data conversion exposing a manager oracle", - "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", - "V2Score": 3.3, - "V3Score": 5.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.7 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://www.securityfocus.com/bid/106092", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", - "https://lists.debian.org/debian-lts/2019/03/msg00021.html", - "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" - ], - "PublishedDate": "2018-12-03T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "libpcre3", - "InstalledVersion": 
"2:8.39-9", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-9", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "libpcre3", - "InstalledVersion": "2:8.39-9", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": 
"libsmartcols1", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libss2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libss2", - "InstalledVersion": "1.44.1-1ubuntu1.1", - "FixedVersion": "1.44.1-1ubuntu1.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.28", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libsystemd0", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1-6", - "InstalledVersion": "4.13-2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "libtinfo5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "libtinfo5", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20839", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", - "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", - "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to 
read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108389", - "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", - "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", - "https://github.com/systemd/systemd/pull/12378", - "https://github.com/systemd/systemd/pull/13109", - "https://security.netapp.com/advisory/ntap-20190530-0002/" - ], - "PublishedDate": "2019-05-17T04:29:00Z", - "LastModifiedDate": "2019-05-30T08:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15718", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.28", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", - "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-284" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15718.html", - "http://linux.oracle.com/errata/ELSA-2019-3592.html", - "http://www.openwall.com/lists/oss-security/2019/09/03/1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", - "https://usn.ubuntu.com/usn/usn-4120-1" - ], - "PublishedDate": "2019-09-04T12:15:00Z", - "LastModifiedDate": "2019-09-19T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2020-1712", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", - "Title": "systemd: use-after-free when asynchronous polkit queries are performed", - "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2020-1712.html", - "http://linux.oracle.com/errata/ELSA-2020-0575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "https://usn.ubuntu.com/usn/usn-4269-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3843", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", - "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108116", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3844", - "PkgName": "libudev1", - "InstalledVersion": "237-3ubuntu10.25", - "FixedVersion": "237-3ubuntu10.38", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", - "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/108096", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "https://security.netapp.com/advisory/ntap-20190619-0002/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-04-26T21:29:00Z", - "LastModifiedDate": "2019-06-19T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "libuuid1", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - 
"https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11922", - "PkgName": "libzstd1", - "InstalledVersion": "1.3.3+dfsg-2ubuntu1", - "FixedVersion": "1.3.3+dfsg-2ubuntu1.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11922", - "Description": "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922", - "https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", - "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", - "https://usn.ubuntu.com/usn/usn-4108-1", - "https://www.facebook.com/security/advisories/cve-2019-11922" - ], - "PublishedDate": "2019-07-25T21:15:00Z", - "LastModifiedDate": "2019-08-12T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "login", - "InstalledVersion": "1:4.5-1ubuntu2", - "Layer": { - "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "login", - "InstalledVersion": "1:4.5-1ubuntu2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "mount", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": 
"ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-bin", - "InstalledVersion": "6.1-1ubuntu1.18.04", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1ubuntu2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory 
trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": "2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7169", - "PkgName": "passwd", - "InstalledVersion": "1:4.5-1ubuntu2", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", - "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "https://github.com/shadow-maint/shadow/pull/97", - "https://security.gentoo.org/glsa/201805-09" - ], - "PublishedDate": "2018-02-15T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "1.29b-2ubuntu0.1", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - 
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7738", - "PkgName": "util-linux", - "InstalledVersion": "2.31.1-0.4ubuntu3.3", - "Layer": { - "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" - }, - "SeveritySource": "ubuntu", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", - "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", - "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/103367", - "https://bugs.debian.org/892179", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", - "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - 
"https://github.com/karelzak/util-linux/issues/539", - "https://www.debian.org/security/2018/dsa-4134" - ], - "PublishedDate": "2018-03-07T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" + "Image": "sha256:bcbe079849fdbb50b3eb04798547e046bdbc82020b8b780d767cf29f7e60b396", + "ArgsEscaped": true } - ] - } -] \ No newline at end of file + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/ubuntu-1804.tar.gz (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "4.4.18-2ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 7.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2020-01-22T14:27:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "bsdutils", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + 
"https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2016-2781", + "PkgName": "coreutils", + "InstalledVersion": "8.28-1ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", + "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", + "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 6.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V2Score": 6.2, + "V3Score": 8.6 + } + }, + "References": [ + "http://seclists.org/oss-sec/2016/q1/452", + "http://www.openwall.com/lists/oss-security/2016/02/28/2", + "http://www.openwall.com/lists/oss-security/2016/02/28/3", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + ], + "PublishedDate": "2017-02-07T15:59:00Z", + "LastModifiedDate": "2017-02-27T19:32:00Z" + }, + { + "VulnerabilityID": "CVE-2017-8283", + "PkgName": "dpkg", + "InstalledVersion": "1.19.0.5ubuntu2.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8283", + "Description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able 
to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.", + "Severity": "LOW", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/04/20/2", + "http://www.securityfocus.com/bid/98064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283" + ], + "PublishedDate": "2017-04-26T05:59:00Z", + "LastModifiedDate": "2017-05-10T17:46:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "fdisk", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13050", + "PkgName": "gpgv", + "InstalledVersion": "2.2.4-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", + "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", + "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-297" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/articles/4264021", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", + "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", + "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "https://twitter.com/lambdafu/status/1147162583969009664" + ], + "PublishedDate": "2019-06-29T17:15:00Z", + "LastModifiedDate": "2019-07-09T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-14855", + "PkgName": "gpgv", + "InstalledVersion": "2.2.4-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", + "Description": "Web of Trust forgeries using collisions in SHA-1 signatures.", + "Severity": "LOW", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "https://eprint.iacr.org/2020/014.pdf" + ] + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "libblkid1", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled 
during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + 
"References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11237", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", + "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", + "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11237.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104256", + "https://access.redhat.com/errata/RHBA-2019:0327", + 
"https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "https://www.exploit-db.com/exploits/44750/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:44:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19591", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19591", + "Title": "glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. 
This is related to the if_nametoindex() function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106037", + "http://www.securitytracker.com/id/1042174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19591", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/", + "https://security.gentoo.org/glsa/201903-09", + "https://security.netapp.com/advisory/ntap-20190321-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23927", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408" + ], + "PublishedDate": "2018-12-04T16:29:00Z", + "LastModifiedDate": "2019-03-21T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression 
match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by 
'(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + 
"https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11236", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", + "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", + "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer 
overflow and, potentially, arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11236.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104255", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:43:00Z" + }, + { + "VulnerabilityID": "CVE-2018-11237", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11237", + "Title": "glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper", + "Description": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 
4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2018-11237.html", + "http://linux.oracle.com/errata/ELSA-2018-3092.html", + "http://www.securityfocus.com/bid/104256", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237", + "https://security.netapp.com/advisory/ntap-20190329-0001/", + "https://security.netapp.com/advisory/ntap-20190401-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "https://www.exploit-db.com/exploits/44750/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ], + "PublishedDate": "2018-05-18T16:29:00Z", + "LastModifiedDate": "2019-04-25T18:44:00Z" + }, + { + "VulnerabilityID": "CVE-2018-19591", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19591", + "Title": "glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. 
This is related to the if_nametoindex() function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106037", + "http://www.securitytracker.com/id/1042174", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19591", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/", + "https://security.gentoo.org/glsa/201903-09", + "https://security.netapp.com/advisory/ntap-20190321-0003/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23927", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408" + ], + "PublishedDate": "2018-12-04T16:29:00Z", + "LastModifiedDate": "2019-03-21T20:29:00Z" + }, + { + "VulnerabilityID": "CVE-2009-5155", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", + "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", + "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", 
+ "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", + "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", + "https://support.f5.com/csp/article/K64119434" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-03-25T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2015-8985", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", + "Title": "glibc: potential denial of service in pop_fail_stack()", + "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2017/02/14/9", + "http://www.securityfocus.com/bid/76916", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", + "https://security.gentoo.org/glsa/201908-06" + ], + "PublishedDate": "2017-03-20T16:59:00Z", + "LastModifiedDate": "2019-08-15T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10228", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", + "Title": "glibc: iconv program can hang when invoked with the -c option", + "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/03/01/10", + "http://www.securityfocus.com/bid/96525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" + ], + "PublishedDate": "2017-03-02T01:59:00Z", + "LastModifiedDate": "2017-03-04T02:59:00Z" + }, + { + "VulnerabilityID": "CVE-2016-10739", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10739", + "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2016-10739.html", + "http://linux.oracle.com/errata/ELSA-2019-3513.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", + "http://www.securityfocus.com/bid/106672", + "https://access.redhat.com/errata/RHSA-2019:2118", + "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", + "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" + ], + "PublishedDate": "2019-01-21T19:29:00Z", + "LastModifiedDate": "2019-08-06T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by 
'(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-7309", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7309", + "Title": "glibc: memcmp function incorrectly returns zero", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24155", + 
"https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html", + "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html" + ], + "PublishedDate": "2019-02-03T02:29:00Z", + "LastModifiedDate": "2019-02-27T18:07:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9169", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", + "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", + "https://support.f5.com/csp/article/K54823184" + ], + "PublishedDate": "2019-02-26T02:29:00Z", + "LastModifiedDate": "2019-04-16T05:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1", + "Layer": { + "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS" + ], + "PublishedDate": "2019-02-26T18:29:00Z", + "LastModifiedDate": "2019-11-05T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libcom-err2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libext2fs2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "libfdisk1", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-13627", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.1-4ubuntu1.1", + "FixedVersion": "1.8.1-4ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", + "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library", + "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", + "http://www.openwall.com/lists/oss-security/2019/10/02/2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "https://dev.gnupg.org/T4683", + "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", + "https://minerva.crocs.fi.muni.cz/", + "https://security-tracker.debian.org/tracker/CVE-2019-13627", + "https://usn.ubuntu.com/usn/usn-4236-1", + "https://usn.ubuntu.com/usn/usn-4236-2", + "https://usn.ubuntu.com/usn/usn-4236-3" + ], + "PublishedDate": "2019-09-25T15:15:00Z", + "LastModifiedDate": "2019-10-03T00:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12904", + "PkgName": "libgcrypt20", + "InstalledVersion": "1.8.1-4ubuntu1.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", + "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack", + "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. 
(The C implementation is used on platforms where an assembly-language implementation is unavailable.)", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "https://dev.gnupg.org/T4541", + "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" + ], + "PublishedDate": "2019-06-20T00:15:00Z", + "LastModifiedDate": "2019-07-23T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16868", + "PkgName": "libgnutls30", + "InstalledVersion": "3.5.18-1ubuntu1.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16868", + "Title": "gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification", + "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "V2Score": 3.3, + "V3Score": 5.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html", + "http://www.securityfocus.com/bid/106080", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868" + ], + "PublishedDate": "2018-12-03T14:29:00Z", + "LastModifiedDate": "2019-05-30T14:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16869", + "PkgName": "libhogweed4", + "InstalledVersion": "3.4-1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", + "Title": "nettle: Leaky data conversion exposing a manager oracle", + "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", + "V2Score": 3.3, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://www.securityfocus.com/bid/106092", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", + "https://lists.debian.org/debian-lts/2019/03/msg00021.html", + "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" + ], + "PublishedDate": "2018-12-03T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:36:00Z" + }, + { + "VulnerabilityID": "CVE-2019-12290", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.4-1.1build2", + "FixedVersion": "2.0.4-1.1ubuntu0.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", + "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", + "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", + "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", + "https://gitlab.com/libidn/libidn2/merge_requests/71", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-22T16:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18224", + "PkgName": "libidn2-0", + "InstalledVersion": "2.0.4-1.1build2", + "FixedVersion": "2.0.4-1.1ubuntu0.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", + "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c", + "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", + "https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c", + 
"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/", + "https://usn.ubuntu.com/4168-1/", + "https://usn.ubuntu.com/usn/usn-4168-1" + ], + "PublishedDate": "2019-10-21T17:15:00Z", + "LastModifiedDate": "2019-10-29T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17543", + "PkgName": "liblz4-1", + "InstalledVersion": "0.0~r131-2ubuntu3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", + "Title": "lz4: heap-based buffer overflow in LZ4_write32", + "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V2Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", + "https://github.com/lz4/lz4/issues/801", + "https://github.com/lz4/lz4/pull/756", + "https://github.com/lz4/lz4/pull/760", + "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", + "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" + ], + "PublishedDate": "2019-10-14T02:15:00Z", + "LastModifiedDate": "2019-10-24T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "libmount1", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux 
before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncurses5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncurses5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libncursesw5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libncursesw5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16869", + "PkgName": "libnettle6", + "InstalledVersion": "3.4-1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16869", + "Title": "nettle: Leaky data conversion exposing a manager oracle", + "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", + "Severity": "LOW", + "CweIDs": [ + "CWE-310" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", + "V2Score": 3.3, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "http://cat.eyalro.net/", + "http://www.securityfocus.com/bid/106092", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869", + "https://lists.debian.org/debian-lts/2019/03/msg00021.html", + "https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html" + ], + "PublishedDate": "2018-12-03T14:29:00Z", + "LastModifiedDate": "2019-10-09T23:36:00Z" + }, + { + "VulnerabilityID": "CVE-2017-11164", + "PkgName": "libpcre3", + "InstalledVersion": 
"2:8.39-9", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", + "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", + "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://openwall.com/lists/oss-security/2017/07/11/3", + "http://www.securityfocus.com/bid/99575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + ], + "PublishedDate": "2017-07-11T03:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7245", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-9", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2017-7246", + "PkgName": "libpcre3", + "InstalledVersion": "2:8.39-9", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", + "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", + "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/97067", + "https://access.redhat.com/errata/RHSA-2018:2486", + "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "https://security.gentoo.org/glsa/201710-25" + ], + "PublishedDate": "2017-03-23T21:59:00Z", + "LastModifiedDate": "2018-08-17T10:29:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": 
"libsmartcols1", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5094", + "PkgName": "libss2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", + "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", + "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", + "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", + "https://seclists.org/bugtraq/2019/Sep/58", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", + "https://usn.ubuntu.com/4142-2/", + "https://usn.ubuntu.com/usn/usn-4142-1", + "https://usn.ubuntu.com/usn/usn-4142-2", + "https://www.debian.org/security/2019/dsa-4535" + ], + "PublishedDate": "2019-09-24T22:15:00Z", + "LastModifiedDate": "2019-09-28T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-5188", + "PkgName": "libss2", + "InstalledVersion": "1.44.1-1ubuntu1.1", + "FixedVersion": "1.44.1-1ubuntu1.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", + "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", + "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", + "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", + "https://usn.ubuntu.com/4249-1/", + "https://usn.ubuntu.com/usn/usn-4249-1" + ], + "PublishedDate": "2020-01-08T16:15:00Z", + "LastModifiedDate": "2020-01-28T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.28", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-1000654", + "PkgName": "libtasn1-6", + "InstalledVersion": "4.13-2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", + "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", + "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", + "http://www.securityfocus.com/bid/105151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", + "https://gitlab.com/gnutls/libtasn1/issues/4" + ], + "PublishedDate": "2018-08-20T19:31:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "libtinfo5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + 
"https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "libtinfo5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20839", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20839", + "Title": "systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker", + "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to 
read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-255" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108389", + "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839", + "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", + "https://github.com/systemd/systemd/pull/12378", + "https://github.com/systemd/systemd/pull/13109", + "https://security.netapp.com/advisory/ntap-20190530-0002/" + ], + "PublishedDate": "2019-05-17T04:29:00Z", + "LastModifiedDate": "2019-05-30T08:29:00Z" + }, + { + "VulnerabilityID": "CVE-2019-15718", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.28", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718", + "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS", + "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. 
An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2019-15718.html", + "http://linux.oracle.com/errata/ELSA-2019-3592.html", + "http://www.openwall.com/lists/oss-security/2019/09/03/1", + "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", + "https://usn.ubuntu.com/usn/usn-4120-1" + ], + "PublishedDate": "2019-09-04T12:15:00Z", + "LastModifiedDate": "2019-09-19T04:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1712", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", + "Title": "systemd: use-after-free when asynchronous polkit queries are performed", + "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://linux.oracle.com/cve/CVE-2020-1712.html", + "http://linux.oracle.com/errata/ELSA-2020-0575.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "https://usn.ubuntu.com/usn/usn-4269-1" + ] + }, + { + "VulnerabilityID": "CVE-2019-20386", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", + "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", + "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "https://security.netapp.com/advisory/ntap-20200210-0002/", + "https://usn.ubuntu.com/4269-1/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2020-01-21T06:15:00Z", + "LastModifiedDate": "2020-02-10T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3843", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", + "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108116", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2019-3844", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.25", + "FixedVersion": "237-3ubuntu10.38", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", + "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", + "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 4.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108096", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "https://security.netapp.com/advisory/ntap-20190619-0002/", + "https://usn.ubuntu.com/usn/usn-4269-1" + ], + "PublishedDate": "2019-04-26T21:29:00Z", + "LastModifiedDate": "2019-06-19T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "libuuid1", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + 
"https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-11922", + "PkgName": "libzstd1", + "InstalledVersion": "1.3.3+dfsg-2ubuntu1", + "FixedVersion": "1.3.3+dfsg-2ubuntu1.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11922", + "Description": "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922", + "https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", + "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0", + "https://usn.ubuntu.com/usn/usn-4108-1", + "https://www.facebook.com/security/advisories/cve-2019-11922" + ], + "PublishedDate": "2019-07-25T21:15:00Z", + "LastModifiedDate": "2019-08-12T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "login", + "InstalledVersion": "1:4.5-1ubuntu2", + "Layer": { + "DiffID": 
"sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "login", + "InstalledVersion": "1:4.5-1ubuntu2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "mount", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": 
"ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17594", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", + "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-26T15:35:00Z" + }, + { + "VulnerabilityID": "CVE-2019-17595", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", + "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", + "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" + ], + "PublishedDate": "2019-10-14T21:15:00Z", + "LastModifiedDate": "2019-12-23T19:26:00Z" + }, + { + "VulnerabilityID": "CVE-2013-4235", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1ubuntu2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", + "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory 
trees", + "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", + "Severity": "LOW", + "CweIDs": [ + "CWE-367" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 3.7, + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2013-4235", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", + "https://security-tracker.debian.org/tracker/CVE-2013-4235" + ], + "PublishedDate": "2019-12-03T15:15:00Z", + "LastModifiedDate": "2019-12-13T15:30:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7169", + "PkgName": "passwd", + "InstalledVersion": "1:4.5-1ubuntu2", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", + "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", + "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-732" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", + "https://github.com/shadow-maint/shadow/pull/97", + "https://security.gentoo.org/glsa/201805-09" + ], + "PublishedDate": "2018-02-15T20:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-20482", + "PkgName": "tar", + "InstalledVersion": "1.29b-2ubuntu0.1", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", + "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", + "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", + "Severity": "LOW", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", + 
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", + "http://www.securityfocus.com/bid/106354", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", + "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", + "https://news.ycombinator.com/item?id=18745431", + "https://security.gentoo.org/glsa/201903-05", + "https://twitter.com/thatcks/status/1076166645708668928", + "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" + ], + "PublishedDate": "2018-12-26T18:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + }, + { + "VulnerabilityID": "CVE-2018-7738", + "PkgName": "util-linux", + "InstalledVersion": "2.31.1-0.4ubuntu3.3", + "Layer": { + "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7738", + "Title": "util-linux: Shell command injection in unescaped bash-completed mount point names", + "Description": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103367", + "https://bugs.debian.org/892179", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738", + "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + 
"https://github.com/karelzak/util-linux/issues/539", + "https://www.debian.org/security/2018/dsa-4134" + ], + "PublishedDate": "2018-03-07T02:29:00Z", + "LastModifiedDate": "2019-10-03T00:03:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/pkg/report/json.go b/pkg/report/json.go index b0ff014081..7b25ba1e94 100644 --- a/pkg/report/json.go +++ b/pkg/report/json.go @@ -4,11 +4,8 @@ import ( "encoding/json" "fmt" "io" - "os" "golang.org/x/xerrors" - - "github.com/aquasecurity/trivy/pkg/log" ) // JSONWriter implements result Writer @@ -18,15 +15,7 @@ type JSONWriter struct { // Write writes the results in JSON format func (jw JSONWriter) Write(report Report) error { - var v interface{} = report - if os.Getenv("TRIVY_NEW_JSON_SCHEMA") == "" { - // After migrating to the new JSON schema, TRIVY_NEW_JSON_SCHEMA will be removed. - log.Logger.Warnf("DEPRECATED: the current JSON schema is deprecated, check %s for more information.", - "https://github.com/aquasecurity/trivy/discussions/1050") - v = report.Results - } - - output, err := json.MarshalIndent(v, "", " ") + output, err := json.MarshalIndent(report, "", " ") if err != nil { return xerrors.Errorf("failed to marshal json: %w", err) } diff --git a/pkg/report/json_test.go b/pkg/report/json_test.go index 493c8c09ec..bedd6d86e2 100644 --- a/pkg/report/json_test.go +++ b/pkg/report/json_test.go @@ -16,7 +16,7 @@ func TestReportWriter_JSON(t *testing.T) { testCases := []struct { name string detectedVulns []types.DetectedVulnerability - expectedJSON report.Results + want report.Report }{ { name: "happy path", 
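Review bot: The doc comment on `Write` in pkg/report/json.go still reads "writes the results in JSON format", but the new body marshals the whole `report` unconditionally, so the top-level JSON value is now an object instead of the bare results array. `TRIVY_NEW_JSON_SCHEMA` is no longer read, and the removed deprecation warning was the only runtime signal of the change. A pipeline that gates a build by indexing the old top-level array will stop matching, and a gate that treats "nothing matched" as "no findings" would then pass vulnerable artifacts. I would state the contract on the method: `// Write marshals the whole Report as indented JSON; the top-level value is an object with the results nested inside it, not the former bare array.` The remainder of `Write` lies outside this hunk.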
@@ -34,20 +34,24 @@ func TestReportWriter_JSON(t *testing.T) { }, }, }, - expectedJSON: report.Results{ - report.Result{ - Target: "foojson", - Vulnerabilities: []types.DetectedVulnerability{ - { - VulnerabilityID: "CVE-2020-0001", - PkgName: "foo", - InstalledVersion: "1.2.3", - FixedVersion: "3.4.5", - PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-0001", - Vulnerability: dbTypes.Vulnerability{ - Title: "foobar", - Description: "baz", - Severity: "HIGH", + want: report.Report{ + SchemaVersion: 2, + ArtifactName: "alpine:3.14", + Results: report.Results{ + report.Result{ + Target: "foojson", + Vulnerabilities: []types.DetectedVulnerability{ + { + VulnerabilityID: "CVE-2020-0001", + PkgName: "foo", + InstalledVersion: "1.2.3", + FixedVersion: "3.4.5", + PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-0001", + Vulnerability: dbTypes.Vulnerability{ + Title: "foobar", + Description: "baz", + Severity: "HIGH", + }, }, }, }, @@ -63,6 +67,8 @@ func TestReportWriter_JSON(t *testing.T) { jw.Output = &jsonWritten inputResults := report.Report{ + SchemaVersion: 2, + ArtifactName: "alpine:3.14", Results: report.Results{ { Target: "foojson", @@ -77,11 +83,11 @@ func TestReportWriter_JSON(t *testing.T) { }) assert.NoError(t, err) - writtenResults := report.Results{} - err = json.Unmarshal([]byte(jsonWritten.String()), &writtenResults) - assert.NoError(t, err, "invalid json written", tc.name) + var got report.Report + err = json.Unmarshal(jsonWritten.Bytes(), &got) + assert.NoError(t, err, "invalid json written") - assert.Equal(t, tc.expectedJSON, writtenResults, tc.name) + assert.Equal(t, tc.want, got, tc.name) }) } } diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go index 64395c0494..e40cf09087 100644 --- a/pkg/rpc/convert.go +++ b/pkg/rpc/convert.go @@ -372,6 +372,7 @@ func ConvertToRPCOS(fos *ftypes.OS) *common.OS { return &common.OS{ Family: fos.Family, Name: fos.Name, + Eosl: fos.Eosl, } } 
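Review bot: In the last json_test.go hunk (`@@ -77,11 +83,11 @@`), the check after `json.Unmarshal` uses `assert.NoError`, which records the failure but lets the subtest continue. A decode error is therefore followed by a second `assert.Equal` failure that diffs `tc.want` against a zero-value `got` and buries the real cause. Stopping at the decode error keeps the output readable: `require.NoError(t, err, "invalid json written")`, assuming `testify/require` is or can be imported in this file (the import block is outside the hunk). `TestReportWriter_JSON` begins before this hunk, so the rest of the subtest is not visible here.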
@@ -476,14 +477,7 @@ func ConvertToMissingBlobsRequest(imageID string, layerIDs []string) *cache.Miss
 }
 
 // ConvertToRPCScanResponse converts report.Result to ScanResponse
-func ConvertToRPCScanResponse(results report.Results, os *ftypes.OS) *scanner.ScanResponse {
- rpcOS := &common.OS{}
- if os != nil {
- rpcOS.Family = os.Family
- rpcOS.Name = os.Name
- rpcOS.Eosl = os.Eosl
- }
-
+func ConvertToRPCScanResponse(results report.Results, fos *ftypes.OS) *scanner.ScanResponse {
 var rpcResults []*scanner.Result
 for _, result := range results {
 rpcResults = append(rpcResults, &scanner.Result{
@@ -497,7 +491,7 @@ func ConvertToRPCScanResponse(results report.Results, os *ftypes.OS) *scanner.Sc
 }
 
 return &scanner.ScanResponse{
- Os: rpcOS,
+ Os: ConvertToRPCOS(fos),
 Results: rpcResults,
 }
 }
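Review bot: `ConvertToRPCScanResponse` now hands `fos` straight to `ConvertToRPCOS`, dropping the `if os != nil` guard that the removed lines had. The earlier hunk at line 372 shows `ConvertToRPCOS` reading `fos.Family`, `fos.Name` and `fos.Eosl` with no nil check in view, although its opening lines are outside that hunk. If it has no guard, a nil `fos` would panic in the scan server's response path. If it returns nil instead, `Os` in the response changes from an empty `common.OS` to nil, and client code that reads its fields directly would need checking. Whether callers can pass nil is not visible here, but the old guard suggests they can. Adding `if fos == nil { fos = &ftypes.OS{} }` at the top of `ConvertToRPCScanResponse` preserves the previous behaviour in either case.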